PatchSiren cyber security CVE debrief
CVE-2026-4112 Psirt CVE debrief
CVE-2026-4112 affects SonicWall SMA1000 series appliances and was published on 2026-04-09. According to the public description, a remote authenticated attacker with read-only administrator privileges can abuse an SQL injection weakness to escalate to primary administrator. That combination of authenticated access and full privilege gain makes this a serious management-plane issue for any environment that uses SMA1000 for remote access or security administration.
- Vendor: Psirt
- Product: Unknown
- CVSS: HIGH 7.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-09
- Original CVE updated: 2026-05-10
- Advisory published: 2026-04-09
- Advisory updated: 2026-05-10
Who should care
SonicWall SMA1000 administrators, security teams that manage appliance-based remote access, and incident responders should prioritize this if their environments include read-only admin accounts or delegated management roles on SMA1000 appliances.
Technical summary
The issue is an improper neutralization of special elements used in an SQL command (CWE-89) in SonicWall SMA1000 series appliances. The supplied NVD metadata indicates network attack vector, low attack complexity, no user interaction, and high privileges required, with impact to confidentiality, integrity, and availability. The described outcome is privilege escalation from read-only administrator to primary administrator.
Defensive priority
High. Even though the CVSS score is 7.2, the affected component is an administrative appliance and the flaw can convert limited administrative access into full control. That makes validation and remediation important wherever SMA1000 is deployed.
Recommended defensive actions
- Check whether any SonicWall SMA1000 series appliances are present in your environment.
- Review SonicWall's advisory for SNWLID-2026-0003 and apply the vendor-recommended fix or update path as soon as it is available.
- Audit read-only and delegated administrator accounts on SMA1000 appliances and remove unnecessary privileged access.
- Review appliance logs and administrator account history for unexpected privilege changes or new primary administrator activity.
- Restrict management access to the appliance to trusted administrative networks and enforce least-privilege access patterns.
- After remediation, verify that only intended administrators retain access and that configuration and account settings match baseline expectations.
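One way to run the account audit and the post-remediation baseline check from the list above, as an added example that is not from SonicWall or the original page: it compares two account/role inventories that you maintain yourself and ranks read-only-to-primary changes first. The CSV layout and role labels are assumptions, not an SMA1000 export format, and the sample rows are constructed.

```python
import csv
import io

# Role labels are assumptions; map them to the names in your own inventory.
READ_ONLY, PRIMARY = "read-only-admin", "primary-admin"
SEVERITY_ORDER = {"critical": 0, "review": 1, "info": 2}

# Constructed sample data: the approved baseline and a later snapshot.
BASELINE_CSV = """account,role
root-admin,primary-admin
noc-viewer,read-only-admin
audit-ro,read-only-admin
helpdesk,read-only-admin
"""
CURRENT_CSV = """account,role
root-admin,primary-admin
NOC-Viewer,Primary-Admin
audit-ro,read-only-admin
svc-backup,primary-admin
temp-ro,read-only-admin
"""

def load_roles(csv_text):
    """Parse account,role rows into {account: role}, normalising case and spaces."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["account"].strip().lower(): r["role"].strip().lower() for r in rows}

def admin_drift(baseline, current):
    """Compare two {account: role} maps; return (severity, account, reason) tuples."""
    findings = []
    for account, role in current.items():
        before = baseline.get(account)
        if before == role:
            continue  # matches the approved baseline
        if role == PRIMARY and before == READ_ONLY:
            findings.append(("critical", account, "read-only admin is now primary admin"))
        elif role == PRIMARY:
            findings.append(("critical", account, "primary admin role not in baseline"))
        elif before is None:
            findings.append(("review", account, f"account not in baseline ({role})"))
        else:
            findings.append(("review", account, f"role changed from {before} to {role}"))
    for account in baseline.keys() - current.keys():
        findings.append(("info", account, "baseline account missing from snapshot"))
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f[0]], f[1]))

if __name__ == "__main__":
    for severity, account, reason in admin_drift(load_roles(BASELINE_CSV), load_roles(CURRENT_CSV)):
        print(f"{severity:8} {account:12} {reason}")
```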
Evidence notes
This debrief is based on the supplied CVE description, NVD metadata, and the referenced SonicWall PSIRT advisory link. The NVD snapshot identifies the weakness as CWE-89 and lists the vulnerability status as "Undergoing Analysis". No exploit details, proof-of-concept material, or unsupported remediation claims were used.
Official resources
- CVE-2026-4112 CVE record (CVE.org)
- CVE-2026-4112 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
Publicly disclosed on 2026-04-09. The NVD source snapshot supplied here shows the entry as undergoing analysis; this summary avoids speculative details and uses only the provided description and official references.