CVE-2026-4112

ANALYSIS PENDING

SonicWall SMA1000 - SQL Injection

Title source: rule

Description

Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator.

Exploits (1)

nomisec WRITEUP 1 star
by Hann1bl3L3ct3r · poc
https://github.com/Hann1bl3L3ct3r/CVE-2026-4112

Scores

EPSS: 0.0007
EPSS Percentile: 21.7%

Details

CWE: CWE-89
Status: published
Products (2):
- SonicWall/SMA1000 12.4.3-03245 (platform-hotfix) and earlier versions.
- SonicWall/SMA1000 12.5.0-02283 (platform-hotfix) and earlier versions.
Published: Apr 09, 2026
Tracked Since: Apr 09, 2026