CRITICAL: SonicWall SMA 1000 Zero-Days Under Active Attack, One Scoring a Perfect 10.0
SonicWall confirmed active exploitation of two SMA 1000 zero-days. CVE-2026-15409 is a maximum severity 10.0 unauthenticated SSRF that chains with CVE-2026-15410, a post-auth code injection, to hand attackers unauthenticated remote command execution as administrator. CISA added both to its KEV catalog with a July 17 federal patch deadline. Patch to 12.4.3-03453 or 12.5.0-02835 immediately.