<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Thu, 16 Jul 2026 11:48:33 +0000</lastBuildDate>
    <item>
      <title>497b5634-72a3-4060-9deb-56e9db90a65f</title>
      <link>https://vulnerability.circl.lu/sighting/497b5634-72a3-4060-9deb-56e9db90a65f/export</link>
      <description>{"uuid": "497b5634-72a3-4060-9deb-56e9db90a65f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mqr2llo23i2i", "content": "Rapid7 reported active zero-day exploitation of SonicWall SMA1000 flaws CVE-2026-15409 and CVE-2026-15410, enabling appliance access, credential theft, TOTP seed harvesting, and movement into internal Active Directory. #SonicWall #SMA1000", "creation_timestamp": "2026-07-16T10:45:24.461824Z"}</description>
      <content:encoded>{"uuid": "497b5634-72a3-4060-9deb-56e9db90a65f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mqr2llo23i2i", "content": "Rapid7 reported active zero-day exploitation of SonicWall SMA1000 flaws CVE-2026-15409 and CVE-2026-15410, enabling appliance access, credential theft, TOTP seed harvesting, and movement into internal Active Directory. #SonicWall #SMA1000", "creation_timestamp": "2026-07-16T10:45:24.461824Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/497b5634-72a3-4060-9deb-56e9db90a65f/export</guid>
      <pubDate>Thu, 16 Jul 2026 10:45:24 +0000</pubDate>
    </item>
    <item>
      <title>9c68a613-c882-4b36-bbd2-5d5e88d64cb6</title>
      <link>https://vulnerability.circl.lu/sighting/9c68a613-c882-4b36-bbd2-5d5e88d64cb6/export</link>
      <description>{"uuid": "9c68a613-c882-4b36-bbd2-5d5e88d64cb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/infosecbot.bsky.social/post/3mqqwveegxx2v", "content": "Overnight our global honeypot network picked up broad scale exploitation of CVE-2026-15409 targeting SonicWall SMA1000 SSL-VPN appliances. \n\nThe activity started at around 03:00 UTC and leveraged publicly available P\u2026\n\n\u2014 from @watchtowrcyber (https://x.com/watchtowrcyber/status/2077684415728119861)", "creation_timestamp": "2026-07-16T09:39:16.930780Z"}</description>
      <content:encoded>{"uuid": "9c68a613-c882-4b36-bbd2-5d5e88d64cb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/infosecbot.bsky.social/post/3mqqwveegxx2v", "content": "Overnight our global honeypot network picked up broad scale exploitation of CVE-2026-15409 targeting SonicWall SMA1000 SSL-VPN appliances. \n\nThe activity started at around 03:00 UTC and leveraged publicly available P\u2026\n\n\u2014 from @watchtowrcyber (https://x.com/watchtowrcyber/status/2077684415728119861)", "creation_timestamp": "2026-07-16T09:39:16.930780Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/9c68a613-c882-4b36-bbd2-5d5e88d64cb6/export</guid>
      <pubDate>Thu, 16 Jul 2026 09:39:16 +0000</pubDate>
    </item>
    <item>
      <title>c0038cf9-a501-420a-9db6-049d8fe0cb54</title>
      <link>https://vulnerability.circl.lu/sighting/c0038cf9-a501-420a-9db6-049d8fe0cb54/export</link>
      <description>{"uuid": "c0038cf9-a501-420a-9db6-049d8fe0cb54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-15409", "type": "seen", "source": "https://bsky.app/profile/yazoul-alerts.bsky.social/post/3mqqvoabdec2d", "content": "\u26a0\ufe0f CVSS 10.0. That is the maximum possible score.\n\nSMA1000 Appliance.\n\nhttps://www.yazoul.net/advisory/cve/cve-2026-15409-sma1000-appliance-ssrf-exploited-in-wild/\n\n#CyberSecurity #PatchNow", "creation_timestamp": "2026-07-16T09:17:24.292225Z"}</description>
      <content:encoded>{"uuid": "c0038cf9-a501-420a-9db6-049d8fe0cb54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-15409", "type": "seen", "source": "https://bsky.app/profile/yazoul-alerts.bsky.social/post/3mqqvoabdec2d", "content": "\u26a0\ufe0f CVSS 10.0. That is the maximum possible score.\n\nSMA1000 Appliance.\n\nhttps://www.yazoul.net/advisory/cve/cve-2026-15409-sma1000-appliance-ssrf-exploited-in-wild/\n\n#CyberSecurity #PatchNow", "creation_timestamp": "2026-07-16T09:17:24.292225Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/c0038cf9-a501-420a-9db6-049d8fe0cb54/export</guid>
      <pubDate>Thu, 16 Jul 2026 09:17:24 +0000</pubDate>
    </item>
    <item>
      <title>5391a961-f937-4fed-a11e-571d3d889f97</title>
      <link>https://vulnerability.circl.lu/sighting/5391a961-f937-4fed-a11e-571d3d889f97/export</link>
      <description>{"uuid": "5391a961-f937-4fed-a11e-571d3d889f97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mqqgcrdq6x27", "content": "Top 3 CVE for last 7 days:\nCVE-2026-43499: 23 interactions\nCVE-2026-15409: 17 interactions\nCVE-2026-20262: 14 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-15409: 15 interactions\nCVE-2026-15410: 8 interactions\nCVE-2026-1541: 6 interactions\n", "creation_timestamp": "2026-07-16T04:42:33.061370Z"}</description>
      <content:encoded>{"uuid": "5391a961-f937-4fed-a11e-571d3d889f97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mqqgcrdq6x27", "content": "Top 3 CVE for last 7 days:\nCVE-2026-43499: 23 interactions\nCVE-2026-15409: 17 interactions\nCVE-2026-20262: 14 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-15409: 15 interactions\nCVE-2026-15410: 8 interactions\nCVE-2026-1541: 6 interactions\n", "creation_timestamp": "2026-07-16T04:42:33.061370Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/5391a961-f937-4fed-a11e-571d3d889f97/export</guid>
      <pubDate>Thu, 16 Jul 2026 04:42:33 +0000</pubDate>
    </item>
    <item>
      <title>f107220d-a333-4bc6-b2f5-7de9a77d648b</title>
      <link>https://vulnerability.circl.lu/sighting/f107220d-a333-4bc6-b2f5-7de9a77d648b/export</link>
      <description>{"uuid": "f107220d-a333-4bc6-b2f5-7de9a77d648b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mqq5msrq3t2t", "content": "\ud83d\udccc CVE-2026-15409 - A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. A remote unauthenticated attacke... https://www.cyberhub.blog/cves/CVE-2026-15409", "creation_timestamp": "2026-07-16T02:07:06.544732Z"}</description>
      <content:encoded>{"uuid": "f107220d-a333-4bc6-b2f5-7de9a77d648b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mqq5msrq3t2t", "content": "\ud83d\udccc CVE-2026-15409 - A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. A remote unauthenticated attacke... https://www.cyberhub.blog/cves/CVE-2026-15409", "creation_timestamp": "2026-07-16T02:07:06.544732Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/f107220d-a333-4bc6-b2f5-7de9a77d648b/export</guid>
      <pubDate>Thu, 16 Jul 2026 02:07:06 +0000</pubDate>
    </item>
    <item>
      <title>e5c97c56-5c67-4640-b0f5-5ef247af3815</title>
      <link>https://vulnerability.circl.lu/sighting/e5c97c56-5c67-4640-b0f5-5ef247af3815/export</link>
      <description>{"uuid": "e5c97c56-5c67-4640-b0f5-5ef247af3815", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://www.cert.at/de/warnungen/2026/7/kritische-sicherheitslucken-in-sonicwall-sma1000-series-aktiv-ausgenutzt-updates-verfugbar", "content": "15. Juli 2026\n\nBeschreibung\n\nIn den SonicWall SMA1000 Series Appliances existieren mehrere Sicherheitsl&amp;uuml;cken. Die schwerwiegendere der beiden Schwachstellen erm&amp;ouml;glicht es Angreifer:innen aus der Ferne und ohne Authentifizierung, die Appliance dazu zu bringen, serverseitig Anfragen an eigentlich nicht erreichbare interne Endpunkte zu senden (Server-Side Request Forgery). Laut SonicWall PSIRT werden die in diesem Advisory beschriebenen Schwachstellen bereits aktiv ausgenutzt.\n\nCVE-Nummer(n):&amp;nbsp;CVE-2026-15409, CVE-2026-15410\n\nCVSS Base Score: 10.0\n\nAuswirkungen\n\nCVE-2026-15409 ist eine Server-Side-Request-Forgery-Schwachstelle (SSRF) im Work-Place-Interface der SMA1000 Appliance. Ein:e entfernte:r, nicht authentifizierte:r Angreifer:in kann die Appliance dazu bringen, serverseitig Anfragen an eigentlich nicht erreichbare interne Endpunkte zu senden. Der Hersteller gibt f&amp;uuml;r diese Schwachstelle einen CVSS Base Score von 10.0 an.\n\nCVE-2026-15410 ist eine Schwachstelle vom Typ &amp;bdquo;Improper Control of Generation of Code&amp;ldquo; (Code Injection) in der Appliance Management Console (AMC), die es unter bestimmten Voraussetzungen einem:einer entfernten, als Administrator:in authentifizierten Angreifer:in erm&amp;ouml;glichen kann, beliebige Betriebssystembefehle auszuf&amp;uuml;hren. Der Hersteller gibt f&amp;uuml;r diese Schwachstelle einen CVSS Base Score von 7.2 an.\n\nBetroffene Systeme\n\nBetroffen sind die SMA1000 Modelle 6210, 7210 und 8200v in folgenden Versionen:\n\n\n\n12.4.3-03245, 12.4.3-03387 und 12.4.3-03434 (platform-hotfix)\n\n12.5.0-02283, 12.5.0-02624 und 12.5.0-02800 (platform-hotfix)\n\n\nLaut Hersteller sind SSL-VPN auf SonicWall-Firewalls sowie die SMA 100 Series Produktlinie nicht von diesen Schwachstellen betroffen.\n\nAbhilfe\n\nSonicWall stellt einen platform-hotfix bereit, der die Schwachstellen behebt:\n\n\n\n12.4.3-03453 (platform-hotfix) und h&amp;ouml;her\n\n12.5.0-02835 (platform-hotfix) und h&amp;ouml;her\n\n\nDer aktuelle platform-hotfix steht auf mysonicwall.com zum Download bereit. Ein Workaround steht laut Hersteller nicht zur Verf&amp;uuml;gung.\n\nDa eine aktive Ausnutzung beobachtet wurde, empfiehlt SonicWall zus&amp;auml;tzlich, das System auf Anzeichen einer Kompromittierung (Indicators of Compromise) zu &amp;uuml;berpr&amp;uuml;fen. Dazu z&amp;auml;hlen unter anderem:\n\n\n\nEintr&amp;auml;ge in extraweb_access.log mit Anfragen an /__api__/login oder /__api__/logout mit HTTP-Status 200\n\nEintr&amp;auml;ge in extraweb_access.log mit Anfragen an /wsproxy mit auff&amp;auml;lligen Host-Parametern und HTTP-Status 101\n\nEintr&amp;auml;ge in ctrl-service.log mit Hotfix-Rollbacks mit Path-Traversal-Namen\n\nRouten f&amp;uuml;r /__api__/login oder /__api__/logout in /var/lib/unit/conf.json (diese URIs existieren in einer legitimen Konfiguration nicht)\n\n\nWerden IOCs festgestellt, empfiehlt SonicWall, betroffene Appliances neu aufzusetzen (Hardware: re-image, virtuell: re-deploy), Benutzer:innen- und Administrator:innen-Passw&amp;ouml;rter zu &amp;auml;ndern sowie TOTP-Token zur&amp;uuml;ckzusetzen.\n\nHinweis\n\nGenerell empfiehlt CERT.at, s&amp;auml;mtliche Software aktuell zu halten und dabei insbesondere auf automatische Updates zu setzen. Regelm&amp;auml;&amp;szlig;ige Neustarts stellen sicher, dass diese auch zeitnah aktiviert werden.\n\n\n\nInformationsquelle(n):\n\nSonicWall SMA1000 Series Appliances Affected By Multiple Vulnerabilities (Englisch)https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0008", "creation_timestamp": "2026-07-16T01:00:45.476010Z"}</description>
      <content:encoded>{"uuid": "e5c97c56-5c67-4640-b0f5-5ef247af3815", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://www.cert.at/de/warnungen/2026/7/kritische-sicherheitslucken-in-sonicwall-sma1000-series-aktiv-ausgenutzt-updates-verfugbar", "content": "15. Juli 2026\n\nBeschreibung\n\nIn den SonicWall SMA1000 Series Appliances existieren mehrere Sicherheitsl&amp;uuml;cken. Die schwerwiegendere der beiden Schwachstellen erm&amp;ouml;glicht es Angreifer:innen aus der Ferne und ohne Authentifizierung, die Appliance dazu zu bringen, serverseitig Anfragen an eigentlich nicht erreichbare interne Endpunkte zu senden (Server-Side Request Forgery). Laut SonicWall PSIRT werden die in diesem Advisory beschriebenen Schwachstellen bereits aktiv ausgenutzt.\n\nCVE-Nummer(n):&amp;nbsp;CVE-2026-15409, CVE-2026-15410\n\nCVSS Base Score: 10.0\n\nAuswirkungen\n\nCVE-2026-15409 ist eine Server-Side-Request-Forgery-Schwachstelle (SSRF) im Work-Place-Interface der SMA1000 Appliance. Ein:e entfernte:r, nicht authentifizierte:r Angreifer:in kann die Appliance dazu bringen, serverseitig Anfragen an eigentlich nicht erreichbare interne Endpunkte zu senden. Der Hersteller gibt f&amp;uuml;r diese Schwachstelle einen CVSS Base Score von 10.0 an.\n\nCVE-2026-15410 ist eine Schwachstelle vom Typ &amp;bdquo;Improper Control of Generation of Code&amp;ldquo; (Code Injection) in der Appliance Management Console (AMC), die es unter bestimmten Voraussetzungen einem:einer entfernten, als Administrator:in authentifizierten Angreifer:in erm&amp;ouml;glichen kann, beliebige Betriebssystembefehle auszuf&amp;uuml;hren. Der Hersteller gibt f&amp;uuml;r diese Schwachstelle einen CVSS Base Score von 7.2 an.\n\nBetroffene Systeme\n\nBetroffen sind die SMA1000 Modelle 6210, 7210 und 8200v in folgenden Versionen:\n\n\n\n12.4.3-03245, 12.4.3-03387 und 12.4.3-03434 (platform-hotfix)\n\n12.5.0-02283, 12.5.0-02624 und 12.5.0-02800 (platform-hotfix)\n\n\nLaut Hersteller sind SSL-VPN auf SonicWall-Firewalls sowie die SMA 100 Series Produktlinie nicht von diesen Schwachstellen betroffen.\n\nAbhilfe\n\nSonicWall stellt einen platform-hotfix bereit, der die Schwachstellen behebt:\n\n\n\n12.4.3-03453 (platform-hotfix) und h&amp;ouml;her\n\n12.5.0-02835 (platform-hotfix) und h&amp;ouml;her\n\n\nDer aktuelle platform-hotfix steht auf mysonicwall.com zum Download bereit. Ein Workaround steht laut Hersteller nicht zur Verf&amp;uuml;gung.\n\nDa eine aktive Ausnutzung beobachtet wurde, empfiehlt SonicWall zus&amp;auml;tzlich, das System auf Anzeichen einer Kompromittierung (Indicators of Compromise) zu &amp;uuml;berpr&amp;uuml;fen. Dazu z&amp;auml;hlen unter anderem:\n\n\n\nEintr&amp;auml;ge in extraweb_access.log mit Anfragen an /__api__/login oder /__api__/logout mit HTTP-Status 200\n\nEintr&amp;auml;ge in extraweb_access.log mit Anfragen an /wsproxy mit auff&amp;auml;lligen Host-Parametern und HTTP-Status 101\n\nEintr&amp;auml;ge in ctrl-service.log mit Hotfix-Rollbacks mit Path-Traversal-Namen\n\nRouten f&amp;uuml;r /__api__/login oder /__api__/logout in /var/lib/unit/conf.json (diese URIs existieren in einer legitimen Konfiguration nicht)\n\n\nWerden IOCs festgestellt, empfiehlt SonicWall, betroffene Appliances neu aufzusetzen (Hardware: re-image, virtuell: re-deploy), Benutzer:innen- und Administrator:innen-Passw&amp;ouml;rter zu &amp;auml;ndern sowie TOTP-Token zur&amp;uuml;ckzusetzen.\n\nHinweis\n\nGenerell empfiehlt CERT.at, s&amp;auml;mtliche Software aktuell zu halten und dabei insbesondere auf automatische Updates zu setzen. Regelm&amp;auml;&amp;szlig;ige Neustarts stellen sicher, dass diese auch zeitnah aktiviert werden.\n\n\n\nInformationsquelle(n):\n\nSonicWall SMA1000 Series Appliances Affected By Multiple Vulnerabilities (Englisch)https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0008", "creation_timestamp": "2026-07-16T01:00:45.476010Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/e5c97c56-5c67-4640-b0f5-5ef247af3815/export</guid>
      <pubDate>Thu, 16 Jul 2026 01:00:45 +0000</pubDate>
    </item>
    <item>
      <title>1732c3a6-b4eb-43a0-ad80-750a26930a56</title>
      <link>https://vulnerability.circl.lu/sighting/1732c3a6-b4eb-43a0-ad80-750a26930a56/export</link>
      <description>{"uuid": "1732c3a6-b4eb-43a0-ad80-750a26930a56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2026-0239", "content": "SonicWall heeft twee kwetsbaarheden verholpen in SonicWall SMA1000 appliances. De kwetsbaarheid met kenmerk CVE-2026-15409 betreft een Server-Side Request Forgery (SSRF) in de Work Place interface, waarmee een niet-geauthenticeerde aanvaller het apparaat verzoeken kan laten sturen naar ongewenste locaties. \n\nDe kwetsbaarheid met kenmerk CVE-2026-15410 is een post-authenticatie code-injectie in de Appliance Management Console (AMC), waardoor een geauthenticeerde aanvaller met admin rechten willekeurige OS-commando's op het apparaat kan uitvoeren. \n\nBeide kwetsbaarheden zijn als zero-days misbruikt. Het NCSC raadt organisaties aan de advisory van SonicWall op te volgen, de aanwezigheid te controleren van de bijgevoegde IoC's en de aanbevolen acties uit te voeren.", "creation_timestamp": "2026-07-16T01:00:45.063905Z"}</description>
      <content:encoded>{"uuid": "1732c3a6-b4eb-43a0-ad80-750a26930a56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2026-0239", "content": "SonicWall heeft twee kwetsbaarheden verholpen in SonicWall SMA1000 appliances. De kwetsbaarheid met kenmerk CVE-2026-15409 betreft een Server-Side Request Forgery (SSRF) in de Work Place interface, waarmee een niet-geauthenticeerde aanvaller het apparaat verzoeken kan laten sturen naar ongewenste locaties. \n\nDe kwetsbaarheid met kenmerk CVE-2026-15410 is een post-authenticatie code-injectie in de Appliance Management Console (AMC), waardoor een geauthenticeerde aanvaller met admin rechten willekeurige OS-commando's op het apparaat kan uitvoeren. \n\nBeide kwetsbaarheden zijn als zero-days misbruikt. Het NCSC raadt organisaties aan de advisory van SonicWall op te volgen, de aanwezigheid te controleren van de bijgevoegde IoC's en de aanbevolen acties uit te voeren.", "creation_timestamp": "2026-07-16T01:00:45.063905Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/1732c3a6-b4eb-43a0-ad80-750a26930a56/export</guid>
      <pubDate>Thu, 16 Jul 2026 01:00:45 +0000</pubDate>
    </item>
    <item>
      <title>bd80154f-1cd4-410d-b905-19210ee11205</title>
      <link>https://vulnerability.circl.lu/sighting/bd80154f-1cd4-410d-b905-19210ee11205/export</link>
      <description>{"uuid": "bd80154f-1cd4-410d-b905-19210ee11205", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://thehackernews.com/2026/07/two-sonicwall-sma-1000-zero-days.html", "content": "SonicWall has warned of active exploitation of two zero-day vulnerabilities impacting Secure Mobile Access (SMA) 1000 series appliances, one of which could be exploited to achieve arbitrary command execution.\n\nThe vulnerabilities are listed below -\n\n\n  CVE-2026-15409 (CVSS score: 10.0) - A Server-side request forgery (SSRF) vulnerability that a remote unauthenticated attacker could exploit to", "creation_timestamp": "2026-07-16T01:00:44.869392Z"}</description>
      <content:encoded>{"uuid": "bd80154f-1cd4-410d-b905-19210ee11205", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://thehackernews.com/2026/07/two-sonicwall-sma-1000-zero-days.html", "content": "SonicWall has warned of active exploitation of two zero-day vulnerabilities impacting Secure Mobile Access (SMA) 1000 series appliances, one of which could be exploited to achieve arbitrary command execution.\n\nThe vulnerabilities are listed below -\n\n\n  CVE-2026-15409 (CVSS score: 10.0) - A Server-side request forgery (SSRF) vulnerability that a remote unauthenticated attacker could exploit to", "creation_timestamp": "2026-07-16T01:00:44.869392Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/bd80154f-1cd4-410d-b905-19210ee11205/export</guid>
      <pubDate>Thu, 16 Jul 2026 01:00:44 +0000</pubDate>
    </item>
    <item>
      <title>a9a5fcac-e7c5-40c4-a57e-81587bd66aa5</title>
      <link>https://vulnerability.circl.lu/sighting/a9a5fcac-e7c5-40c4-a57e-81587bd66aa5/export</link>
      <description>{"uuid": "a9a5fcac-e7c5-40c4-a57e-81587bd66aa5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://t.me/information_security_channel/55571", "content": "SonicWall Issues Urgent SMA Patch Warning for Two Zero-Day Exploits\nhttps://www.securityweek.com/sonicwall-issues-urgent-sma-patch-warning-for-two-zero-day-exploits/\n\nSonicWall SMA1000 zero-day vulnerabilities CVE-2026-15409 and CVE-2026-15410 can be exploited for remote code execution.\nThe post SonicWall Issues Urgent SMA Patch Warning for Two Zero-Day Exploits (https://www.securityweek.com/sonicwall-issues-urgent-sma-patch-warning-for-two-zero-day-exploits/) appeared first on SecurityWeek (https://www.securityweek.com/).", "creation_timestamp": "2026-07-16T00:00:08.895027Z"}</description>
      <content:encoded>{"uuid": "a9a5fcac-e7c5-40c4-a57e-81587bd66aa5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "seen", "source": "https://t.me/information_security_channel/55571", "content": "SonicWall Issues Urgent SMA Patch Warning for Two Zero-Day Exploits\nhttps://www.securityweek.com/sonicwall-issues-urgent-sma-patch-warning-for-two-zero-day-exploits/\n\nSonicWall SMA1000 zero-day vulnerabilities CVE-2026-15409 and CVE-2026-15410 can be exploited for remote code execution.\nThe post SonicWall Issues Urgent SMA Patch Warning for Two Zero-Day Exploits (https://www.securityweek.com/sonicwall-issues-urgent-sma-patch-warning-for-two-zero-day-exploits/) appeared first on SecurityWeek (https://www.securityweek.com/).", "creation_timestamp": "2026-07-16T00:00:08.895027Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/a9a5fcac-e7c5-40c4-a57e-81587bd66aa5/export</guid>
      <pubDate>Thu, 16 Jul 2026 00:00:08 +0000</pubDate>
    </item>
    <item>
      <title>fcd38e58-dcf8-440f-8732-48300ad5b220</title>
      <link>https://vulnerability.circl.lu/sighting/fcd38e58-dcf8-440f-8732-48300ad5b220/export</link>
      <description>{"uuid": "fcd38e58-dcf8-440f-8732-48300ad5b220", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "exploited", "source": "https://t.me/true_secator/8411", "content": "SonicWall \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043e\u0431 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0430 SMA1000 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0434\u0432\u0443\u0445 0-day, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u043a\u0430\u043a CVE-2026-15409 \u0438 CVE-2026-15410.\n\nCVE-2026-15409 - \u044d\u0442\u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f (CVSS 10.0) SSRF-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0435 SMA1000 Appliance Work Place, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0437\u0430\u0441\u0442\u0430\u0432\u0438\u0442\u044c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u0432 \u043d\u0435\u043f\u0440\u0435\u0434\u0443\u0441\u043c\u043e\u0442\u0440\u0435\u043d\u043d\u044b\u0435 \u043c\u0435\u0441\u0442\u0430.\n\nCVE-2026-15410 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 (CVSS 7.2), \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0443\u044e \u0441 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435\u043c \u043a\u043e\u0434\u0430 \u043f\u043e\u0441\u043b\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432 \u043a\u043e\u043d\u0441\u043e\u043b\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e\u043c SMA1000, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0443 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u041e\u0421.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2026-15410 \u0442\u0440\u0435\u0431\u0443\u044e\u0442\u0441\u044f \u043f\u0440\u0430\u0432\u0430 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430, SonicWall \u043f\u0440\u0438\u0441\u0432\u043e\u0438\u043b\u0430 \u044d\u0442\u043e\u043c\u0443 \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u044e \u043e\u0431\u0449\u0443\u044e \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 10,0.\n\n\u0412 SonicWall PSIRT \u043f\u0440\u043e\u0432\u0435\u043b\u0438 \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0435 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u043e\u0432 \u0438 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b\u0438, \u0447\u0442\u043e \u043e\u0431\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438. \u041e\u0434\u043d\u0430\u043a\u043e \u043d\u0435 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0430, \u043e\u0431\u044a\u0435\u0434\u0438\u043d\u044f\u044e\u0442 \u043b\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u044d\u0442\u0438 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0432 \u0446\u0435\u043f\u043e\u0447\u043a\u0443.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 \u0441 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c, \u0447\u0442\u043e\u0431\u044b \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u0442\u044c \u044d\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u043c\u043e\u0434\u0435\u043b\u0438 SMA1000 6210, 7210 \u0438 8200v, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u0435 \u043f\u043e\u0434 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b \u0432\u0435\u0440\u0441\u0438\u0439 12.4.3-03245, 12.4.3-03387, 12.4.3-03434, 12.5.0-02283, 12.5.0-02624 \u0438 12.5.0-02800. \u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 12.4.3-03453 \u0438 12.5.0-02835, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0438\u0445.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043a\u0430\u043a \u0437\u0430\u044f\u0432\u043b\u044f\u0435\u0442 SonicWall, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0435 \u0432\u043b\u0438\u044f\u044e\u0442 \u043d\u0430 \u0440\u0430\u0431\u043e\u0442\u0443 SSL-VPN \u043d\u0430 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u044d\u043a\u0440\u0430\u043d\u0430\u0445 SonicWall \u0438\u043b\u0438 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 \u0441\u0435\u0440\u0438\u0438 SMA 100.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0434\u0435\u043b\u0438\u043b\u0430\u0441\u044c IOCs, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u044b \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u044f \u0442\u043e\u0433\u043e, \u0431\u044b\u043b\u043e \u043b\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043e, \u0432 \u0447\u0430\u0441\u0442\u043d\u043e\u0441\u0442\u0438:\n\n- \u0415\u0441\u043b\u0438 \u0432 \u0444\u0430\u0439\u043b\u0435 extraweb_access.log \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u044e\u0442\u0441\u044f \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u043a /__api__/login \u0438\u043b\u0438 /__api__/logout \u0441\u043e \u0441\u0442\u0430\u0442\u0443\u0441\u043e\u043c HTTP 200;\n- \u0415\u0441\u043b\u0438 \u0432 \u0444\u0430\u0439\u043b\u0435 extraweb_access.log \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u044e\u0442\u0441\u044f \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u043a /wsproxy \u0441 \u043f\u043e\u0434\u043e\u0437\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c\u0438 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0430\u043c\u0438 \u0445\u043e\u0441\u0442\u0430 \u0438 HTTP-\u0441\u0442\u0430\u0442\u0443\u0441\u043e\u043c 101;\n- \u0415\u0441\u043b\u0438 \u0432 \u0444\u0430\u0439\u043b\u0435 ctrl-service.log \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u044e\u0442\u0441\u044f \u043e\u0442\u043a\u0430\u0442\u044b \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 \u0441 \u0438\u043c\u0435\u043d\u0430\u043c\u0438, \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u044b\u043c\u0438 \u043f\u0443\u0442\u0435\u043c \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438;\n- \u0415\u0441\u043b\u0438 \u0444\u0430\u0439\u043b /var/lib/unit/conf.json \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u0442 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u044b \u0434\u043b\u044f /__api__/login \u0438\u043b\u0438 /__api__/logout (\u044d\u0442\u0438 URI \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0442 \u0432 \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u043e\u0439 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438).\n\n\u0412 \u0441\u043b\u0443\u0447\u0430\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0432\u0437\u043b\u043e\u043c\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 SonicWall \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u043f\u0435\u0440\u0435\u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u041e\u0421 \u043d\u0430 \u0444\u0438\u0437\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 \u0438\u043b\u0438 \u043f\u043e\u0432\u0442\u043e\u0440\u043d\u043e \u0440\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u0442\u044c \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430, \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c \u0432\u0441\u0435 \u043f\u0430\u0440\u043e\u043b\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u043e\u0432, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0441\u0431\u0440\u043e\u0441\u0438\u0442\u044c \u0442\u043e\u043a\u0435\u043d\u044b TOTP.\n\n\u041f\u0440\u0438\u0447\u0435\u043c \u043f\u043e\u043c\u0438\u043c\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439, \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u043f\u043e\u0441\u043e\u0431\u043e\u0432 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043d\u0435\u0442. CISA \u0434\u043e\u0431\u0430\u0432\u0438\u043b\u0430 \u043e\u0431\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0441\u0432\u043e\u0439 \u043a\u0430\u0442\u0430\u043b\u043e\u0433 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 (KEV), \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u0432, \u0447\u0442\u043e \u043e\u043d\u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0432 \u0430\u0442\u0430\u043a\u0430\u0445.", "creation_timestamp": "2026-07-16T00:00:07.364100Z"}</description>
      <content:encoded>{"uuid": "fcd38e58-dcf8-440f-8732-48300ad5b220", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-15409", "type": "exploited", "source": "https://t.me/true_secator/8411", "content": "SonicWall \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043e\u0431 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0430 SMA1000 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0434\u0432\u0443\u0445 0-day, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u043a\u0430\u043a CVE-2026-15409 \u0438 CVE-2026-15410.\n\nCVE-2026-15409 - \u044d\u0442\u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f (CVSS 10.0) SSRF-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0435 SMA1000 Appliance Work Place, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0437\u0430\u0441\u0442\u0430\u0432\u0438\u0442\u044c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u0432 \u043d\u0435\u043f\u0440\u0435\u0434\u0443\u0441\u043c\u043e\u0442\u0440\u0435\u043d\u043d\u044b\u0435 \u043c\u0435\u0441\u0442\u0430.\n\nCVE-2026-15410 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 (CVSS 7.2), \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0443\u044e \u0441 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435\u043c \u043a\u043e\u0434\u0430 \u043f\u043e\u0441\u043b\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432 \u043a\u043e\u043d\u0441\u043e\u043b\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e\u043c SMA1000, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0443 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u041e\u0421.\n\n\u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u0442\u043e, \u0447\u0442\u043e \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2026-15410 \u0442\u0440\u0435\u0431\u0443\u044e\u0442\u0441\u044f \u043f\u0440\u0430\u0432\u0430 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430, SonicWall \u043f\u0440\u0438\u0441\u0432\u043e\u0438\u043b\u0430 \u044d\u0442\u043e\u043c\u0443 \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u044e \u043e\u0431\u0449\u0443\u044e \u043e\u0446\u0435\u043d\u043a\u0443 CVSS 10,0.\n\n\u0412 SonicWall PSIRT \u043f\u0440\u043e\u0432\u0435\u043b\u0438 \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0435 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u043e\u0432 \u0438 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b\u0438, \u0447\u0442\u043e \u043e\u0431\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438. \u041e\u0434\u043d\u0430\u043a\u043e \u043d\u0435 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0430, \u043e\u0431\u044a\u0435\u0434\u0438\u043d\u044f\u044e\u0442 \u043b\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u044d\u0442\u0438 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0432 \u0446\u0435\u043f\u043e\u0447\u043a\u0443.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 \u0441 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c, \u0447\u0442\u043e\u0431\u044b \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u0442\u044c \u044d\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u043c\u043e\u0434\u0435\u043b\u0438 SMA1000 6210, 7210 \u0438 8200v, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u0435 \u043f\u043e\u0434 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b \u0432\u0435\u0440\u0441\u0438\u0439 12.4.3-03245, 12.4.3-03387, 12.4.3-03434, 12.5.0-02283, 12.5.0-02624 \u0438 12.5.0-02800. \u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 12.4.3-03453 \u0438 12.5.0-02835, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0438\u0445.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u043a\u0430\u043a \u0437\u0430\u044f\u0432\u043b\u044f\u0435\u0442 SonicWall, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0435 \u0432\u043b\u0438\u044f\u044e\u0442 \u043d\u0430 \u0440\u0430\u0431\u043e\u0442\u0443 SSL-VPN \u043d\u0430 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u044d\u043a\u0440\u0430\u043d\u0430\u0445 SonicWall \u0438\u043b\u0438 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 \u0441\u0435\u0440\u0438\u0438 SMA 100.\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0434\u0435\u043b\u0438\u043b\u0430\u0441\u044c IOCs, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u044b \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u044f \u0442\u043e\u0433\u043e, \u0431\u044b\u043b\u043e \u043b\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043e, \u0432 \u0447\u0430\u0441\u0442\u043d\u043e\u0441\u0442\u0438:\n\n- \u0415\u0441\u043b\u0438 \u0432 \u0444\u0430\u0439\u043b\u0435 extraweb_access.log \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u044e\u0442\u0441\u044f \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u043a /__api__/login \u0438\u043b\u0438 /__api__/logout \u0441\u043e \u0441\u0442\u0430\u0442\u0443\u0441\u043e\u043c HTTP 200;\n- \u0415\u0441\u043b\u0438 \u0432 \u0444\u0430\u0439\u043b\u0435 extraweb_access.log \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u044e\u0442\u0441\u044f \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u043a /wsproxy \u0441 \u043f\u043e\u0434\u043e\u0437\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c\u0438 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0430\u043c\u0438 \u0445\u043e\u0441\u0442\u0430 \u0438 HTTP-\u0441\u0442\u0430\u0442\u0443\u0441\u043e\u043c 101;\n- \u0415\u0441\u043b\u0438 \u0432 \u0444\u0430\u0439\u043b\u0435 ctrl-service.log \u0443\u043f\u043e\u043c\u0438\u043d\u0430\u044e\u0442\u0441\u044f \u043e\u0442\u043a\u0430\u0442\u044b \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 \u0441 \u0438\u043c\u0435\u043d\u0430\u043c\u0438, \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u044b\u043c\u0438 \u043f\u0443\u0442\u0435\u043c \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0443\u0442\u0438;\n- \u0415\u0441\u043b\u0438 \u0444\u0430\u0439\u043b /var/lib/unit/conf.json \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u0442 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u044b \u0434\u043b\u044f /__api__/login \u0438\u043b\u0438 /__api__/logout (\u044d\u0442\u0438 URI \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0442 \u0432 \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u043e\u0439 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438).\n\n\u0412 \u0441\u043b\u0443\u0447\u0430\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0432\u0437\u043b\u043e\u043c\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 SonicWall \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u043f\u0435\u0440\u0435\u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u041e\u0421 \u043d\u0430 \u0444\u0438\u0437\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 \u0438\u043b\u0438 \u043f\u043e\u0432\u0442\u043e\u0440\u043d\u043e \u0440\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u0442\u044c \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430, \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c \u0432\u0441\u0435 \u043f\u0430\u0440\u043e\u043b\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u043e\u0432, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0441\u0431\u0440\u043e\u0441\u0438\u0442\u044c \u0442\u043e\u043a\u0435\u043d\u044b TOTP.\n\n\u041f\u0440\u0438\u0447\u0435\u043c \u043f\u043e\u043c\u0438\u043c\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439, \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u043f\u043e\u0441\u043e\u0431\u043e\u0432 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043d\u0435\u0442. CISA \u0434\u043e\u0431\u0430\u0432\u0438\u043b\u0430 \u043e\u0431\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0441\u0432\u043e\u0439 \u043a\u0430\u0442\u0430\u043b\u043e\u0433 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 (KEV), \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u0432, \u0447\u0442\u043e \u043e\u043d\u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0432 \u0430\u0442\u0430\u043a\u0430\u0445.", "creation_timestamp": "2026-07-16T00:00:07.364100Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/fcd38e58-dcf8-440f-8732-48300ad5b220/export</guid>
      <pubDate>Thu, 16 Jul 2026 00:00:07 +0000</pubDate>
    </item>
  </channel>
</rss>
