High severity7.2NVD Advisory· Published Apr 9, 2026· Updated May 14, 2026
CVE-2026-4112
CVE-2026-4112
Description
Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator.
Affected products
6cpe:2.3:o:sonicwall:sma6210_firmware:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:sonicwall:sma6210_firmware:*:*:*:*:*:*:*:*range: <12.4.3-03387
- cpe:2.3:o:sonicwall:sma7210_firmware:*:*:*:*:*:*:*:*range: <12.4.3-03387
Patches
Vulnerability mechanics
References
1- psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0003nvdVendor Advisory
News mentions
0No linked articles in our index yet.