Summary
| Parameter | Value |
|---|---|
| CVE ID | CVE-2026-4112 |
| Alert Source | SonicWall Security Advisory SNWLID-2026-0003 |
| CVE Publication Year | 2026 |
| Date Published | 2026-04-09 |
| Vendor | SonicWall |
| Product | Secure Mobile Access (SMA) 1000 |
| Vulnerability Type | Elevation of Privilege |
| CISA KEV | No |
| Ransomware | Not confirmed |
Vulnerability Description
A privilege escalation vulnerability has been identified in SonicWall Secure Mobile Access (SMA) 1000 series devices. CVE-2026-4112 could allow a remote attacker to gain elevated privileges on affected devices, potentially leading to system compromise and unauthorized access to network resources.
SMA 1000 devices are widely used as VPN gateways for remote access in organizations, making this vulnerability particularly dangerous — its exploitation could enable an attacker to gain full control over the remote access infrastructure.
Affected Products
| Product | Affected Versions | Fixed Version |
|---|---|---|
| SonicWall SMA 1000 | 12.4.x prior to 12.4.3-03387 | 12.4.3-03387 |
| SonicWall SMA 1000 | 12.5.x prior to 12.5.0-02624 | 12.5.0-02624 |
Required Actions
- Verify installed SMA 1000 firmware versions
- Update devices to the latest patched version:
- 12.4.x series → update to 12.4.3-03387 or later
- 12.5.x series → update to 12.5.0-02624 or later
- Monitor device logs for suspicious activity
References
- SonicWall Security Advisory SNWLID-2026-0003
How can nFlo help?
If your organization uses products affected by this vulnerability, contact us. We can help with:
- Verifying whether your systems are at risk
- Implementing patches and risk mitigation
- Monitoring for exploitation attempts in your environment
Useful resources:
