SonicWall Urges Immediate Patching of Firewall Vulnerabilities

SonicWall on Wednesday rolled out fixes for three SonicOS vulnerabilities, urging customers to immediately patch their Gen 6, Gen 7, and Gen 8 firewalls.

“These vulnerabilities require immediate firmware updates to maintain security posture. One CVE is rated high severity, and two are rated medium severity,” the company warned.

The high-severity flaw, tracked as CVE-2026-0204, allows attackers to bypass access controls and access certain management interface functions, SonicWall notes in an advisory.

An attacker with access to the management interface could potentially modify firewall configurations and disable security protections.

Tracked as CVE-2026-0205, the first medium-severity issue is a path traversal weakness that could be exploited to interact with restricted services.

The second medium-severity defect, tracked as CVE-2026-0206, allows remote attackers to crash vulnerable firewalls, the company says.

Advertisement. Scroll to continue reading.

Both medium-severity vulnerabilities require authentication for successful exploitation.

The three vulnerabilities impact dozens of firewalls running firmware versions up to 6.5.5.1-6n, 7.0.1-5169, 7.3.1-7013, and 8.1.0-8017.

Fixes were included in firmware releases 6.5.5.2-28n, 7.3.2-7010, and 8.2.0-8009, and customers are advised to update their appliances as soon as possible, or to restrict management access to SSH only until patching is possible, by disabling HTTP/HTTPS-based management and SSLVPN on all interfaces.

“Applying the patched firmware as soon as possible is strongly recommended,” SonicWall notes, underlining that management access restrictions are temporary mitigations.

The company makes no mention of any of these security defects being exploited in the wild.

Originally published by SecurityWeek

Full Analysis