Changeflow GovPing Data Privacy & Cybersecurity Multiple Vulnerabilities in SonicWall SMA1000 P...
Priority review Notice Added Final

Multiple Vulnerabilities in SonicWall SMA1000 Products

Favicon for www.cert.ssi.gouv.fr CERT-FR Security Advisories
Published
Detected
Email

Summary

CERT-FR issued advisory CERTFR-2026-AVI-0409 warning of four critical vulnerabilities (CVE-2026-4112 through CVE-2026-4116) in SonicWall SMA1000 secure mobile access products. Affected versions include 12.4.3-x prior to 12.4.3-03387 and 12.5.0-x prior to 12.5.0-02624. Successful exploitation could result in data confidentiality breaches, security policy bypass, and privilege escalation.

View original document View source feed page

What changed

CERT-FR published security advisory warning of four vulnerabilities in SonicWall Secure Mobile Access (SMA1000) products. The vulnerabilities affect versions 12.4.3-x prior to 12.4.3-03387 and 12.5.0-x prior to 12.5.0-02624. Attackers could exploit these flaws to achieve data confidentiality breach, security policy bypass, or privilege escalation. Four CVEs are referenced: CVE-2026-4112, CVE-2026-4113, CVE-2026-4114, and CVE-2026-4116.

Organizations running affected SonicWall SMA1000 products face immediate security risk and should apply vendor patches from SonicWall PSIRT advisory SNWLID-2026-0003. Network administrators should prioritize patching internet-facing SMA devices given the privilege escalation and security bypass risks. CVE references are available at cve.org for detailed technical specifications.

What to do next

  1. Identify SonicWall SMA1000 installations in your network
  2. Apply vendor patches to update to version 12.4.3-03387 (for 12.4.3-x) or 12.5.0-02624 (for 12.5.0-x)
  3. Monitor for indicators of compromise related to CVE-2026-4112 through CVE-2026-4116

Archived snapshot

Apr 9, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

Premier Ministre S.G.D.S.N

Agence nationale
de la sécurité des
systèmes d'information

Paris, le 09 avril 2026 N° CERTFR-2026-AVI-0409 Affaire suivie par: CERT-FR

Avis du CERT-FR

Objet: Multiples vulnérabilités dans Sonicwall Secure Mobile Access

Gestion du document

| Référence | CERTFR-2026-AVI-0409 |
| Titre | Multiples vulnérabilités dans Sonicwall Secure Mobile Access |
| Date de la première version | 09 avril 2026 |
| Date de la dernière version | 09 avril 2026 |
| Source(s) | Bulletin de sécurité SonicWall SNWLID-2026-0003 du 08 avril 2026 |
Une gestion de version détaillée se trouve à la fin de ce document.

Risques

  • Atteinte à la confidentialité des données
  • Contournement de la politique de sécurité
  • Élévation de privilèges

Systèmes affectés

  • SMA1000 versions 12.4.3-x antérieures à 12.4.3-03387
  • SMA1000 versions 12.5.0-x antérieures à 12.5.0-02624

Résumé

De multiples vulnérabilités ont été découvertes dans Sonicwall Secure Mobile Access. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Documentation

Gestion détaillée du document

  1. le 09 avril 2026 Version initiale

Related changes

Favicon for www.cert.ssi.gouv.fr Multiple Vulnerabilities in SAP Products Allow Remote Code Execution
Priority review Apr 14, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr Multiple Windows Vulnerabilities Enable Code Execution, Privilege Escalation
Urgent Apr 15, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr Multiple Microsoft Office Vulnerabilities Allow Remote Code Execution, Data Breach
Priority review Apr 15, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity

Get daily alerts for CERT-FR Security Advisories

Daily digest delivered to your inbox.

Free. Unsubscribe anytime.

Source

Favicon for www.cert.ssi.gouv.fr
CERT-FR Security Advisories cert.ssi.gouv.fr/avis
Data Privacy & Cybersecurity

About this page

What is GovPing?

Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from CERT-FR.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Last updated

Press inquiries →

Classification

Agency
CERT-FR
Published
April 9th, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive
Document ID
CERTFR-2026-AVI-0409

Who this affects

Applies to
Technology companies Government agencies Employers
Industry sector
5112 Software & Technology
Activity scope
Vulnerability patching Network security Remote access administration
Geographic scope
France FR

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Data Privacy Telecommunications

Browse Categories

Agriculture & Food Safety 65 AI Regulation 3 Banking & Finance 314 Consumer Protection 46 Courts & Legal 361 Data Privacy & Cybersecurity 76 Defense & National Security 51 Education 22 Energy 100 Environment 86 Environmental & Energy 12 Environmental Regulation 7 Financial Regulation 2 Government & Legislation 279 Government Operations 6 Healthcare 136 Healthcare & Life Sciences 6 Housing 16 Immigration 8 Immigration & Border Control 1 Insurance 58 Labor & Employment 115 Legal & Judicial 11 Pharma & Drug Safety 104 Public Health 2 Real Estate & Housing 4 Sanctions & Export Controls 1 Securities & Investments 14 Securities & Markets 103 Securities Regulation 6 Tax 65 Tax & Revenue 1 Telecom & Technology 47 Trade & Commerce 3 Trade & Sanctions 135 Transportation 60

Get alerts for this source

We'll email you when CERT-FR Security Advisories publishes new changes.

Free. Unsubscribe anytime.

You're subscribed!