CVE-2026-4116
Received
Received - Intake
TOTP Bypass via Unicode Handling Flaw in SonicWall SMA
Publication date: 2026-04-09
Last updated on: 2026-04-13
Assigner: SonicWALL, Inc.
Description
Description
Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sonicwall | sma1000 | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-176 | The product does not properly handle when an input contains Unicode encoding. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
An attacker who is a remote authenticated SSLVPN user could exploit this vulnerability to bypass the TOTP authentication, potentially gaining unauthorized access to the network or resources that are protected by this authentication method.
Can you explain this vulnerability to me?
This vulnerability involves improper handling of Unicode encoding in SonicWall SMA1000 series appliances. It allows a remote authenticated SSLVPN user to bypass the Workplace/Connect Tunnel TOTP (Time-based One-Time Password) authentication mechanism.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70