{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3470", "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "state": "PUBLISHED", "assignerShortName": "sonicwall", "dateReserved": "2026-03-03T10:00:16.245Z", "datePublished": "2026-03-31T20:19:38.338Z", "dateUpdated": "2026-03-31T20:34:15.574Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "shortName": "sonicwall", "dateUpdated": "2026-03-31T20:19:38.338Z"}, "datePublic": "2026-03-31T06:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-20", "description": "CWE-20 Improper input validation", "type": "CWE"}]}], "affected": [{"vendor": "SonicWall", "product": "Email Security", "platforms": ["Linux", "Windows"], "versions": [{"status": "affected", "version": "10.0.34.8215 and earlier versions"}, {"status": "affected", "version": "10.0.34.8223 and earlier versions"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "A vulnerability exists in the SonicWall Email Security appliance due to improper input sanitization that may lead to data corruption, allowing a remote authenticated attacker as admin user could exploit this issue by providing crafted input that corrupts application database.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A vulnerability exists in the SonicWall Email Security appliance due to improper input sanitization that may lead to data corruption, allowing a remote authenticated attacker as admin user could exploit this issue by providing crafted input that corrupts application database."}]}], "references": [{"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0002", "tags": ["vendor-advisory"]}], "credits": [{"lang": "en", "value": "Brian Mariani of DigitalCanion SA - www.digitalcanion.com", "type": "finder"}], "source": {"advisory": "SNWLID-2026-0002", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.8, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T20:34:11.598748Z", "id": "CVE-2026-3470", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T20:34:15.574Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.8, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-3470", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-31T20:34:11.598748Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T20:34:08.852Z"}}], "cna": {"source": {"advisory": "SNWLID-2026-0002", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Brian Mariani of DigitalCanion SA - www.digitalcanion.com"}], "affected": [{"vendor": "SonicWall", "product": "Email Security", "versions": [{"status": "affected", "version": "10.0.34.8215 and earlier versions"}, {"status": "affected", "version": "10.0.34.8223 and earlier versions"}], "platforms": ["Linux", "Windows"], "defaultStatus": "unknown"}], "datePublic": "2026-03-31T06:00:00.000Z", "references": [{"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0002", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "A vulnerability exists in the SonicWall Email Security appliance due to improper input sanitization that may lead to data corruption, allowing a remote authenticated attacker as admin user could exploit this issue by providing crafted input that corrupts application database.", "supportingMedia": [{"type": "text/html", "value": "A vulnerability exists in the SonicWall Email Security appliance due to improper input sanitization that may lead to data corruption, allowing a remote authenticated attacker as admin user could exploit this issue by providing crafted input that corrupts application database.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper input validation"}]}], "providerMetadata": {"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "shortName": "sonicwall", "dateUpdated": "2026-03-31T20:19:38.338Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3470", "state": "PUBLISHED", "dateUpdated": "2026-03-31T20:34:15.574Z", "dateReserved": "2026-03-03T10:00:16.245Z", "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "datePublished": "2026-03-31T20:19:38.338Z", "assignerShortName": "sonicwall"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD63C704-413C-43B7-9475-A19411E3BF6B", "versionEndExcluding": "10.0.35.8405", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sonicwall:esa5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "91ED89A0-CFFB-44D3-8DE8-64E8DB635872", "vulnerable": false}, {"criteria": "cpe:2.3:h:sonicwall:esa5050:-:*:*:*:*:*:*:*", "matchCriteriaId": "69CD3296-0424-46C7-82F1-3BE7892B72C2", "vulnerable": false}, {"criteria": "cpe:2.3:h:sonicwall:esa7000:-:*:*:*:*:*:*:*", "matchCriteriaId": "3FE6D8AA-F614-404A-9006-A94763AA23B5", "vulnerable": false}, {"criteria": "cpe:2.3:h:sonicwall:esa7050:-:*:*:*:*:*:*:*", "matchCriteriaId": "F748C59C-740B-4F52-9E0D-70F7D4E9AA07", "vulnerable": false}, {"criteria": "cpe:2.3:h:sonicwall:esa9000:-:*:*:*:*:*:*:*", "matchCriteriaId": "7D46ECFF-FA41-4861-A047-1EEFD89D13DD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability exists in the SonicWall Email Security appliance due to improper input sanitization that may lead to data corruption, allowing a remote authenticated attacker as admin user could exploit this issue by providing crafted input that corrupts application database."}], "id": "CVE-2026-3470", "lastModified": "2026-04-13T15:26:04.477", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-31T21:16:33.363", "references": [{"source": "PSIRT@sonicwall.com", "tags": ["Vendor Advisory"], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0002"}], "sourceIdentifier": "PSIRT@sonicwall.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "PSIRT@sonicwall.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["linux", "windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,10.0.34.8215]"}}, {"platform": ["linux", "windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,10.0.34.8223]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Email Security", "source": "cna", "vendor": "SonicWall"}, "product": "email_security", "vendor": "sonicwall"}], "analysis": {"en": {"generated_at": "2026-04-13T16:33:03.576226+00:00", "value": {"mitigation_remediation": ["Check for and apply any available firmware or software patches from SonicWall for the Email Security appliance.", "If no patch is available, restrict administrative access to trusted users and monitor for suspicious input activity.", "Change administrator credentials and limit administrative privileges to reduce the attack surface.", "Contact SonicWall support for guidance and to report any ongoing exploitation attempts."], "summary": {"action": "Patch", "impact": "Data Corruption"}, "threat_synthesis": {"affected_systems": "The vulnerability affects SonicWall Email Security appliances, including the ESA5000, ESA5050, ESA7000, ESA7050, and ESA9000 product lines. No specific version information is provided, so all current releases of these models may be susceptible unless later mitigated by firmware updates.", "description_and_impact": "A flaw in the SonicWall Email Security appliance allows an attacker with administrative privileges to supply crafted input that bypasses input validation, resulting in corruption of the application database. The corruption impacts data integrity and can lead to service disruption or loss of critical email filtering capabilities. This issue is rooted in improper sanitization of input for administrative functions.", "risk_and_exploitability": "The CVSS score of 3.8 classifies this vulnerability as moderate, and the EPSS score of less than 1% indicates a low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires a remote authenticated attacker with administrative access and the ability to submit crafted input. While the exploitation conditions are restrictive, successful exploitation would corrupt the database, potentially impacting availability and data integrity. Monitoring for authentication and input anomalies is recommended because public exploitation evidence is currently unknown."}}}}, "created": "2026-04-02T07:52:54.534915+00:00", "title": "Improper Input Sanitization in SonicWall Email Security Enables Data Corruption", "updated": "2026-04-14T16:42:17.117621+00:00", "vendors": ["sonicwall", "sonicwall$PRODUCT$email_security"]}