Cyber Resilience

CVE-2026-0204

Severity: High
Published: 29 April 2026
Modified: 05 May 2026
CISA KEV: not listed
CVSS v3.1: 8.0 (High), vector CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.0001 (0.3rd percentile)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-0204 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in SonicWall SonicOS, the operating system of SonicWall firewalls and security appliances. Its CVSS v3.1 base score is 8.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 0.3rd percentile by exploit likelihood (well below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations this analysis identified are NIST SP 800-53 controls AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2026-0204 is a vulnerability in the access control mechanism of SonicOS, the operating system used in SonicWall firewalls and security appliances. Under specific conditions it may allow certain management interface functions to be reached without the authentication they require. The issue is classified as CWE-306 (Missing Authentication for Critical Function) and CWE-1390 (Weak Authentication), with a CVSS v3.1 base score of 8.0 (AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The vulnerability was published on 2026-04-29.

The CVSS vector describes an attacker on an adjacent network (AV:A) using a low-complexity technique (AC:L) with no prior privileges (PR:N), but the attack depends on user interaction (UI:R), so a legitimate user or administrator must take some action for it to succeed. Taken together, AV:A and UI:R mean this is not a straightforward unauthenticated bypass reachable from the internet: the attacker needs a position on the same network segment as the management interface, or a path that is logically adjacent to it, plus a user action. Successful exploitation yields high-impact effects on confidentiality, integrity and availability (C:H/I:H/A:H) within the unchanged scope (S:U), potentially granting unauthorized access to sensitive management interface functions. In practice that argues for keeping the SonicOS management interface off untrusted segments and the internet entirely, and restricting it to a dedicated management network until the fixed build is installed.

Mitigation details are provided in the SonicWall PSIRT advisory at https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0004.

Vulnerability details

A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.

CWE(s)

CWE-306 Missing Authentication for Critical Function
CWE-1390 Weak Authentication

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1133 External Remote Services (Persistence): Adversaries may leverage external-facing remote services to initially access and/or persist within a network.
Why these techniques?

Missing authentication on the management interface (CWE-306) directly enables exploitation of an exposed remote management service for unauthorized access. Both techniques presume the interface is reachable from outside the network, whereas the CVSS vector scores this attack as adjacent-network (AV:A) with user interaction (UI:R); the mapping therefore applies chiefly where the management interface has been exposed beyond its intended segment.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-53704 (same product: SonicWall NSA 2700)
CVE-2025-40600 (same product: SonicWall NSA 2700)
CVE-2025-23006 (same vendor: SonicWall)
CVE-2025-40599 (same vendor: SonicWall)
CVE-2026-4116 (same vendor: SonicWall)
CVE-2025-40602 (same vendor: SonicWall)
CVE-2026-4113 (same vendor: SonicWall)
CVE-2026-44592 (shared CWE-306)
CVE-2025-21515 (shared CWE-306)
CVE-2025-57432 (shared CWE-306)

Affected Assets

SonicWall SonicOS
Affected versions: 6.5.5.2-28n and earlier; 7.0.0.0 through 7.0.1-5169; 7.1.1-7040 through 7.3.2-7010
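The three ranges above are easy to misread by hand because SonicOS version strings mix a dotted release number with a build number and an optional letter suffix. The Python below is an added example, not code from this page, from SonicWall or from the PSIRT advisory: it parses those strings into an orderable key and checks an inventory of firewalls against the listed ranges. It assumes both ends of each range are inclusive and that a version is affected only if it falls inside one of the listed ranges; the hostnames and versions in the inventory are constructed sample data. Confirm the exact fixed builds against SNWLID-2026-0004 before acting on its output.

```python
import re
from typing import List, Optional, Tuple

VersionKey = Tuple[Tuple[int, ...], int, str]
Range = Tuple[Optional[str], str]

# Affected SonicOS ranges exactly as listed on this page. A lower bound of None
# means every earlier release. Both bounds are treated as inclusive here, which
# is an assumption; confirm the fixed builds against SonicWall advisory
# SNWLID-2026-0004.
AFFECTED_RANGES: List[Range] = [
    (None, "6.5.5.2-28n"),
    ("7.0.0.0", "7.0.1-5169"),
    ("7.1.1-7040", "7.3.2-7010"),
]

# Constructed sample inventory (hostname, reported firmware version); not real hosts.
INVENTORY = [
    ("fw-branch-01", "6.5.4.15-116n"),  # 6.5 train, older than 6.5.5.2-28n
    ("fw-dc-01", "7.0.1-5165"),         # inside 7.0.0.0 .. 7.0.1-5169
    ("fw-dc-02", "7.0.1-5170"),         # past the 7.0 range, below the 7.1 range
    ("fw-edge-01", "7.2.0-7015"),       # inside 7.1.1-7040 .. 7.3.2-7010
    ("fw-edge-02", "7.3.2-7011"),       # one build past the last listed upper bound
    ("fw-lab-01", "8.0.0-8035"),        # release train not listed on this page
]

# release number (dotted integers) followed by an optional '-<build><letters>' tail
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-(\d+)([a-z]*))?$")


def parse_version(text: str) -> VersionKey:
    """Convert a SonicOS version string into a key that sorts correctly.

    '7.0.1-5169' -> ((7, 0, 1, 0), 5169, '') and '6.5.5.2-28n' -> ((6, 5, 5, 2), 28, 'n').
    The release number is zero-padded to four fields so '7.0.1' equals '7.0.1.0';
    the build number and its suffix only decide the order when release numbers tie.
    """
    m = _VERSION_RE.match(text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised SonicOS version string: {text!r}")
    release = tuple(int(p) for p in m.group(1).split("."))
    release = release + (0,) * (4 - len(release))
    build = int(m.group(2)) if m.group(2) else 0
    suffix = m.group(3) or ""
    return (release, build, suffix)


def is_affected(version: str) -> Optional[Range]:
    """Return the listed range containing `version`, or None if it lies outside all of them."""
    key = parse_version(version)
    for low, high in AFFECTED_RANGES:
        if low is not None and key < parse_version(low):
            continue
        if key > parse_version(high):
            continue
        return (low, high)
    return None


def affected_hosts(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, Range]]:
    """Filter an inventory down to the hosts whose version falls in a listed range."""
    hits = []
    for host, version in inventory:
        rng = is_affected(version)
        if rng is not None:
            hits.append((host, version, rng))
    return hits


if __name__ == "__main__":
    for host, version, (low, high) in affected_hosts(INVENTORY):
        low_text = "any earlier release" if low is None else low
        print(f"{host}: {version} is within {low_text} .. {high}, check SNWLID-2026-0004")
```

Run as a script it reports fw-branch-01, fw-dc-01 and fw-edge-01. Two caveats: a version outside every listed range is reported as not affected, which is only as good as the ranges printed on this page, and builds newer than 7.3.2-7010 or in an unlisted train such as 8.x are merely unlisted here, not confirmed fixed.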

Mitigating Controls (NIST SP 800-53 r5)

AC-3 Access Enforcement (prevent): Enforces approved authorizations for access to management interface functions, directly countering flaws in SonicOS access control mechanisms.

AC-14 Permitted Actions Without Identification or Authentication (prevent): Limits and documents the actions permitted without authentication, mitigating the missing authentication for critical management functions (CWE-306).

AC-6 Least Privilege (prevent): Restricts privileges to the minimum necessary, limiting what an attacker can do with a session obtained through the weak authentication (CWE-1390) in SonicOS management interfaces.