{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4112", "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "state": "PUBLISHED", "assignerShortName": "sonicwall", "dateReserved": "2026-03-13T11:57:18.440Z", "datePublished": "2026-04-09T14:22:21.018Z", "dateUpdated": "2026-04-13T13:04:16.689Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "shortName": "sonicwall", "dateUpdated": "2026-04-09T14:22:21.018Z"}, "datePublic": "2026-04-09T05:11:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-89", "description": "CWE-89 Improper neutralization of special elements used in an SQL command ('SQL injection')", "type": "CWE"}]}], "affected": [{"vendor": "SonicWall", "product": "SMA1000", "platforms": ["Linux"], "versions": [{"status": "affected", "version": "12.4.3-03245 (platform-hotfix) and earlier versions."}, {"status": "affected", "version": "12.5.0-02283 (platform-hotfix) and earlier versions."}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "Improper neutralization of special elements used in an SQL command (\u201cSQL Injection\u201d) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Improper neutralization of special elements used in an SQL command (\u201cSQL Injection\u201d) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator."}]}], "references": [{"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0003", "tags": ["vendor-advisory"]}], "source": {"advisory": "SNWLID-2026-0003", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4112", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-10T03:56:04.484507Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T13:04:16.689Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4112", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-10T03:56:04.484507Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T13:00:28.068Z"}}], "cna": {"source": {"advisory": "SNWLID-2026-0003", "discovery": "EXTERNAL"}, "affected": [{"vendor": "SonicWall", "product": "SMA1000", "versions": [{"status": "affected", "version": "12.4.3-03245 (platform-hotfix) and earlier versions."}, {"status": "affected", "version": "12.5.0-02283 (platform-hotfix) and earlier versions."}], "platforms": ["Linux"], "defaultStatus": "unknown"}], "datePublic": "2026-04-09T05:11:00.000Z", "references": [{"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0003", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Improper neutralization of special elements used in an SQL command (\u201cSQL Injection\u201d) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator.", "supportingMedia": [{"type": "text/html", "value": "Improper neutralization of special elements used in an SQL command (\u201cSQL Injection\u201d) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper neutralization of special elements used in an SQL command ('SQL injection')"}]}], "providerMetadata": {"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "shortName": "sonicwall", "dateUpdated": "2026-04-09T14:22:21.018Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4112", "state": "PUBLISHED", "dateUpdated": "2026-04-13T13:04:16.689Z", "dateReserved": "2026-03-13T11:57:18.440Z", "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "datePublished": "2026-04-09T14:22:21.018Z", "assignerShortName": "sonicwall"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper neutralization of special elements used in an SQL command (\u201cSQL Injection\u201d) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator."}], "id": "CVE-2026-4112", "lastModified": "2026-04-13T15:02:47.353", "metrics": {}, "published": "2026-04-09T15:16:13.517", "references": [{"source": "PSIRT@sonicwall.com", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0003"}], "sourceIdentifier": "PSIRT@sonicwall.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "PSIRT@sonicwall.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["linux"], "status": "affected", "versions": {"scheme": "semver", "value": "[0,12.4.3-03245]"}}, {"platform": ["linux"], "status": "affected", "versions": {"scheme": "semver", "value": "[0,12.5.0-02283]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "SMA1000", "source": "cna", "vendor": "SonicWall"}, "product": "sma1000", "vendor": "sonicwall"}], "analysis": {"en": {"generated_at": "2026-04-09T16:28:53.685989+00:00", "value": {"mitigation_remediation": ["Apply the latest firmware or security patch released by SonicWall", "Restrict read\u2011only administrator accounts to trusted personnel only", "Segregate SMA1000 appliances from critical management networks and monitor for anomalous activity", "If a patch is not yet available, enforce least\u2011privilege access controls and regularly audit configuration changes"], "summary": {"action": "Apply Patch", "impact": "Privilege Escalation via Remote Authenticated SQL Injection"}, "threat_synthesis": {"affected_systems": "The affected devices are SonicWall SMA1000 series network security appliances. No specific firmware or software version is listed in the advisory, so all current SMA1000 units should be considered vulnerable until a vendor patch is available.\n", "description_and_impact": "An SQL injection flaw exists in the SonicWall SMA1000 series appliances due to improper neutralization of special characters in SQL commands. An attacker who has authenticated with read\u2011only administrator privileges can exploit this vulnerability to elevate their rights, ultimately gaining primary administrator access. This allows full control over the appliance, including configuration changes, data exfiltration, and further network compromise.\n", "risk_and_exploitability": "The vulnerability is remote and requires only authenticated access with read\u2011only rights, a privilege level that is usually granted for monitoring purposes. Because the flaw permits privilege escalation to primary administrator, the potential impact is high, giving an attacker full administrative control. No CVSS or EPSS scores are supplied, but the lack of exploit probability data and absence from the KEV catalog suggest that while the vulnerability is serious, the likelihood of widespread exploitation remains uncertain.\n"}}}}, "created": "2026-04-10T08:53:38.166416+00:00", "title": "SQL Injection Enables Privilege Escalation in SonicWall SMA1000 Appliances", "updated": "2026-04-10T09:32:49.905180+00:00", "vendors": ["sonicwall", "sonicwall$PRODUCT$sma1000"]}