SQL Injection Vulnerability in SonicWall SMA1000 Series Appliances
CVE-2026-4112
What is CVE-2026-4112?
An SQL injection vulnerability exists in SonicWall SMA1000 series appliances. It enables a remote authenticated attacker with read-only access to escalate their privileges to those of a primary administrator. The flaw results from improper neutralization of special elements in SQL commands, which allows a malicious user to manipulate database queries and gain elevated access rights. Organizations using these appliances should take immediate action to mitigate the risks associated with this vulnerability.
Affected Version(s)
SMA1000 Linux 12.4.3-03245 (platform-hotfix) and earlier versions.
SMA1000 Linux 12.5.0-02283 (platform-hotfix) and earlier versions.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.