Vendor scorecard
SonicWall
SonicWall security disclosure record — CVE volume, CVSS severity mix and product-category breakdown, sourced from the NIST NVD.
CPE: sonicwall
Product families
3
Open in latest
63
Inferred — see methodology
Last disclosure
Apr 29, 2026
01
Product categories
3 trackedCVE volume, severity mix and the inferred latest shipping version per category.
| Category | CVEs | Volume | Severity mix | Open | Inferred latest |
|---|---|---|---|---|---|
| SonicOSNGFW / Network Security · Secure Remote Access / VPNsonicos | 10 | 35 | 8.2.0-8009HIGH | ||
| SMA / Secure Mobile AccessSecure Remote Access / VPNsma1000_firmware, sma100_firmware, secure_mobile_access | 0 | 2 | 10.2.1.0-17svMED | ||
| Global Management SystemNetwork Management & Monitoringglobal_management_system | 0 | 27 | 9.3.2MED |
02
Recent CVEs
10 shownMost recently published, newest first. Each ID links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2026-0206(opens NVD record) | Medium | 4.9 | A post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewall. | Apr 29, 2026 |
| CVE-2026-0205(opens NVD record) | Medium | 6.8 | A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services. | Apr 29, 2026 |
| CVE-2026-0204(opens NVD record) | High | 8.0 | A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions. | Apr 29, 2026 |
| CVE-2026-3439(opens NVD record) | Medium | 4.9 | A post-authentication Stack-based Buffer Overflow vulnerability in SonicOS certificate handling allows a remote attacker to crash a firewall. | Mar 4, 2026 |
| CVE-2026-0402(opens NVD record) | Medium | 4.9 | A post-authentication Out-of-bounds Read vulnerability in SonicOS allows a remote attacker to crash a firewall. | Feb 24, 2026 |
| CVE-2026-0401(opens NVD record) | Medium | 4.9 | A post-authentication NULL Pointer Dereference vulnerability in SonicOS allows a remote attacker to crash a firewall. | Feb 24, 2026 |
| CVE-2026-0400(opens NVD record) | Medium | 4.9 | A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall. | Feb 24, 2026 |
| CVE-2026-0399(opens NVD record) | Medium | 4.9 | Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management interface due to improper bounds checking in a API endpoint. | Feb 24, 2026 |
| CVE-2025-40601(opens NVD record) | High | 7.5 | A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash. | Nov 20, 2025 |
| CVE-2025-40600(opens NVD record) | Critical | 9.8 | Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption. | Jul 29, 2025 |
10 CVEs · 3 product families