{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3468", "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "state": "PUBLISHED", "assignerShortName": "sonicwall", "dateReserved": "2026-03-03T09:59:57.366Z", "datePublished": "2026-03-31T20:17:11.236Z", "dateUpdated": "2026-03-31T20:35:38.252Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "shortName": "sonicwall", "dateUpdated": "2026-03-31T20:17:11.236Z"}, "datePublic": "2026-03-31T06:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "affected": [{"vendor": "SonicWall", "product": "Email Security", "platforms": ["Linux", "Windows"], "versions": [{"status": "affected", "version": "10.0.34.8215 and earlier versions"}, {"status": "affected", "version": "10.0.34.8223 and earlier versions"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied input during web page generation, allowing a remote authenticated attacker as admin user to potentially execute arbitrary JavaScript code.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied input during web page generation, allowing a remote authenticated attacker as admin user to potentially execute arbitrary JavaScript code."}]}], "references": [{"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0002", "tags": ["vendor-advisory"]}], "credits": [{"lang": "en", "value": "Brian Mariani of DigitalCanion SA - www.digitalcanion.com", "type": "finder"}], "source": {"advisory": "SNWLID-2026-0002", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T20:35:08.592056Z", "id": "CVE-2026-3468", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T20:35:38.252Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-3468", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-31T20:35:08.592056Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T20:35:34.532Z"}}], "cna": {"source": {"advisory": "SNWLID-2026-0002", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Brian Mariani of DigitalCanion SA - www.digitalcanion.com"}], "affected": [{"vendor": "SonicWall", "product": "Email Security", "versions": [{"status": "affected", "version": "10.0.34.8215 and earlier versions"}, {"status": "affected", "version": "10.0.34.8223 and earlier versions"}], "platforms": ["Linux", "Windows"], "defaultStatus": "unknown"}], "datePublic": "2026-03-31T06:00:00.000Z", "references": [{"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0002", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied input during web page generation, allowing a remote authenticated attacker as admin user to potentially execute arbitrary JavaScript code.", "supportingMedia": [{"type": "text/html", "value": "A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied input during web page generation, allowing a remote authenticated attacker as admin user to potentially execute arbitrary JavaScript code.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "shortName": "sonicwall", "dateUpdated": "2026-03-31T20:17:11.236Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3468", "state": "PUBLISHED", "dateUpdated": "2026-03-31T20:35:38.252Z", "dateReserved": "2026-03-03T09:59:57.366Z", "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "datePublished": "2026-03-31T20:17:11.236Z", "assignerShortName": "sonicwall"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD63C704-413C-43B7-9475-A19411E3BF6B", "versionEndExcluding": "10.0.35.8405", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sonicwall:esa5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "91ED89A0-CFFB-44D3-8DE8-64E8DB635872", "vulnerable": false}, {"criteria": "cpe:2.3:h:sonicwall:esa5050:-:*:*:*:*:*:*:*", "matchCriteriaId": "69CD3296-0424-46C7-82F1-3BE7892B72C2", "vulnerable": false}, {"criteria": "cpe:2.3:h:sonicwall:esa7000:-:*:*:*:*:*:*:*", "matchCriteriaId": "3FE6D8AA-F614-404A-9006-A94763AA23B5", "vulnerable": false}, {"criteria": "cpe:2.3:h:sonicwall:esa7050:-:*:*:*:*:*:*:*", "matchCriteriaId": "F748C59C-740B-4F52-9E0D-70F7D4E9AA07", "vulnerable": false}, {"criteria": "cpe:2.3:h:sonicwall:esa9000:-:*:*:*:*:*:*:*", "matchCriteriaId": "7D46ECFF-FA41-4861-A047-1EEFD89D13DD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied input during web page generation, allowing a remote authenticated attacker as admin user to potentially execute arbitrary JavaScript code."}], "id": "CVE-2026-3468", "lastModified": "2026-04-13T16:50:20.080", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-31T21:16:32.950", "references": [{"source": "PSIRT@sonicwall.com", "tags": ["Vendor Advisory"], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0002"}], "sourceIdentifier": "PSIRT@sonicwall.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "PSIRT@sonicwall.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["linux", "windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,10.0.34.8215]"}}, {"platform": ["linux", "windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,10.0.34.8223]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Email Security", "source": "cna", "vendor": "SonicWall"}, "product": "email_security", "vendor": "sonicwall"}], "analysis": {"en": {"generated_at": "2026-04-13T19:43:18.304681+00:00", "value": {"mitigation_remediation": ["Download and install the latest firmware update from SonicWall\u2019s PSIRT advisory (https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0002).", "Verify the integrity of the downloaded firmware using SonicWall\u2019s provided checksum or digital signature before applying the update.", "If a firmware update is not yet available, limit administrative access to trusted personnel, enforce strong password policies, and isolate the appliance from untrusted networks until a patch is released."], "summary": {"action": "Apply Patch", "impact": "Stored XSS in admin web interface that enables arbitrary JavaScript execution by an authenticated administrator"}, "threat_synthesis": {"affected_systems": "The vulnerability affects all SonicWall Email Security models listed in the CPEs, including the ESA5000, ESA5050, ESA7000, ESA7050, and ESA9000. No specific firmware or software version is identified in the advisory, meaning that any current firmware on these devices may be vulnerable.", "description_and_impact": "A stored cross\u2011site scripting vulnerability exists in the web interface of SonicWall Email Security appliances. The flaw is caused by improper neutralization of user-supplied input during page generation, allowing a remote authenticated attacker with administrator privileges to inject and run arbitrary JavaScript code within their own browser session. This could enable the attacker to modify page content, capture credentials, or perform unauthorized actions while logged in as admin.", "risk_and_exploitability": "The CVSS score of 4.8 indicates moderate severity. An EPSS score of less than 1% suggests a low likelihood of widespread exploitation. The flaw is not present in CISA\u2019s Known Exploited Vulnerabilities catalog. Exploitation requires the attacker to be authenticated as an administrator and to access the web interface that generates the stored script. No public exploits or further attack conditions are documented in the CVE data."}}}}, "created": "2026-04-02T07:52:57.559406+00:00", "updated": "2026-04-14T16:42:19.148077+00:00", "vendors": ["sonicwall", "sonicwall$PRODUCT$email_security"]}