CVE-2026-4112

Severity CVSS v4.0:

Pending analysis

Type:

CWE-89 SQL Injection

Publication date:

09/04/2026

Last modified:

13/04/2026

Description

Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator.

Impact

References to Advisories, Solutions, and Tools

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0003