CVE-2026-4114
Received - Intake
Authentication Bypass via Unicode Handling in SonicWall SMA
Publication date: 2026-04-09
Last updated on: 2026-04-09
Assigner: SonicWALL, Inc.
Description
Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sonicwall | sma1000 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-176 | The product does not properly handle when an input contains Unicode encoding. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves improper handling of Unicode encoding in SonicWall SMA1000 series appliances. It allows a remote authenticated SSLVPN administrator to bypass AMC TOTP (Time-based One-Time Password) authentication.
How can this vulnerability impact me?
An attacker who is a remote authenticated SSLVPN administrator can bypass the AMC TOTP authentication mechanism. This could potentially allow unauthorized access to systems or data that rely on this two-factor authentication for security.