CVE-2026-0204
SonicOS Access Control Bypass Vulnerability
Publication date: 2026-04-29
Last updated on: 2026-05-05
Assigner: SonicWALL, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sonicwall | sonicos | to 6.5.5.2-28n (exc) |
| sonicwall | sonicos | From 7.0.0.0 (inc) to 7.0.1-5169 (inc) |
| sonicwall | sonicos | From 7.1.1-7040 (inc) to 7.3.2-7010 (exc) |
| sonicwall | sonicos | From 8.0.0-8035 (inc) to 8.2.0-8009 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
| CWE-1390 | The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability can have a significant impact as it allows unauthorized access to management interface functions. According to the CVSS score of 8.0, it can lead to high confidentiality, integrity, and availability impacts, meaning attackers could potentially gain control over the device, manipulate configurations, or disrupt services.
Can you explain this vulnerability to me?
This vulnerability exists in the access control mechanism of SonicOS, the operating system used by SonicWall devices. It may allow certain management interface functions to be accessed under specific conditions that normally should restrict such access.
Can you explain this vulnerability to me?
This vulnerability exists in the access control mechanism of SonicOS. It may allow certain management interface functions to be accessible under specific conditions, potentially bypassing intended restrictions.
How can this vulnerability impact me? :
Exploitation of this vulnerability could lead to unauthorized access to critical management functions of SonicOS. This may result in a complete compromise of confidentiality, integrity, and availability of the affected system.