Changeflow GovPing Data Privacy & Cybersecurity Multiple Vulnerabilities in SonicWall Email Sec...
Priority review Notice Added Final

Multiple Vulnerabilities in SonicWall Email Security

Favicon for www.cert.ssi.gouv.fr CERT-FR Security Advisories
Published April 1st, 2026
Detected April 1st, 2026
Email

Summary

CERT-FR issued an advisory identifying three vulnerabilities (CVE-2026-3468, CVE-2026-3469, CVE-2026-3470) in SonicWall Email Security versions prior to 10.0.35.8405. The vulnerabilities expose affected systems to remote data integrity compromise, denial of service attacks, and cross-site scripting (XSS). Organizations using this product should apply vendor patches immediately.

View original document View source feed page

What changed

CERT-FR published advisory CERTFR-2026-AVI-0383 on April 1, 2026, disclosing three vulnerabilities in SonicWall Email Security discovered via vendor bulletin SNWLID-2026-0002 (March 31, 2026). The CVEs affect versions before 10.0.35.8405 and carry risks of remote data integrity compromise, remote denial of service, and indirect remote code injection (XSS).

Organizations using SonicWall Email Security must verify their current version and upgrade to 10.0.35.8405 or later by obtaining patches from the vendor's PSIRT bulletin. Failure to patch leaves systems vulnerable to remote exploitation. No compliance deadlines are specified by CERT-FR; immediate action is recommended given the severity of remote code injection and DoS risks.

What to do next

  1. Identify all SonicWall Email Security installations within your infrastructure
  2. Check current version and upgrade to 10.0.35.8405 or later if version is earlier
  3. Monitor vendor PSIRT for future updates at psirt.global.sonicwall.com

Source document (simplified)

Premier Ministre S.G.D.S.N

Agence nationale
de la sécurité des
systèmes d'information

Paris, le 01 avril 2026 N° CERTFR-2026-AVI-0383 Affaire suivie par: CERT-FR

Avis du CERT-FR

Objet: Multiples vulnérabilités dans Sonicwall Email Security

Gestion du document

| Référence | CERTFR-2026-AVI-0383 |
| Titre | Multiples vulnérabilités dans Sonicwall Email Security |
| Date de la première version | 01 avril 2026 |
| Date de la dernière version | 01 avril 2026 |
| Source(s) | Bulletin de sécurité SonicWall SNWLID-2026-0002 du 31 mars 2026 |
Une gestion de version détaillée se trouve à la fin de ce document.

Risques

  • Atteinte à l'intégrité des données
  • Déni de service à distance
  • Injection de code indirecte à distance (XSS)

Systèmes affectés

  • Email Security versions antérieures à 10.0.35.8405

Résumé

De multiples vulnérabilités ont été découvertes dans Sonicwall Email Security. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une injection de code indirecte à distance (XSS).

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Documentation

Gestion détaillée du document

  1. le 01 avril 2026 Version initiale

Named provisions

Risques Systèmes affectés Résumé Solutions Documentation

Related changes

Favicon for www.cert.ssi.gouv.fr Chrome Vulnerabilities - Actively Exploited CVE-2026-5281
Urgent Apr 01, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr Multiples vulnérabilités dans les produits Microsoft
Priority review Apr 01, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr Joomla! Multiple Vulnerabilities - SQL Injection and XSS
Priority review Apr 01, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.csa.gov.sg Critical Axios Supply Chain Compromise via npm
Urgent Apr 01, 2026 CSA Alerts & Advisories (Singapore) Data Privacy & Cybersecurity
Favicon for www.cisa.gov CVE-2026-5281 Google Dawn Use-After-Free Added to KEV Catalog
Priority review Apr 01, 2026 CISA ICS-CERT Advisories Data Privacy & Cybersecurity
Favicon for wid.cert-bund.de Critical CVSS 9.8 Vulnerabilities in Red Hat Ansible Allow Remote Code Execution
Urgent Apr 01, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity

Source

Favicon for www.cert.ssi.gouv.fr
CERT-FR Security Advisories cert.ssi.gouv.fr/avis
Data Privacy & Cybersecurity
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CERT-FR
Published
April 1st, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Minor
Document ID
CERTFR-2026-AVI-0383

Who this affects

Applies to
Government agencies Technology companies
Industry sector
5112 Software & Technology 5182 Data Processing & Hosting
Activity scope
Vulnerability Management Email Security Administration Patch Management
Threshold
Email Security versions prior to 10.0.35.8405
Geographic scope
France FR

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Data Privacy Consumer Protection

Browse Categories

Agriculture & Food Safety 63 AI Regulation 3 Banking & Finance 266 Consumer & Competition 1 Consumer Protection 44 Courts & Legal 360 Data Privacy & Cybersecurity 74 Defense & National Security 52 Education 20 Energy 107 Environment 85 Government & Legislation 324 Healthcare 136 Housing 16 Immigration 9 Insurance 58 Labor & Employment 113 Legal & Courts 1 Pharma & Drug Safety 103 Securities & Markets 104 Tax 65 Tax & Revenue 1 Telecom & Technology 47 Trade & Sanctions 124 Transportation 57

Get Data Privacy & Cybersecurity alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when CERT-FR Security Advisories publishes new changes.

Optional. Personalizes your daily digest.

Free. Unsubscribe anytime.