Cyber Posture

CVE-2026-0204

High

Published 29 April 2026
Modified 05 May 2026
KEV Added: not listed (not in the CISA KEV catalog at the time of writing)
Patch: see the SonicWall PSIRT advisory SNWLID-2026-0004
CVSS Score 8.0 (CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score 0.0000 (0.2 percentile, i.e. below almost all scored CVEs)
Risk Priority 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-0204 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in SonicWall SonicOS, the operating system of SonicWall firewalls. Its CVSS v3.1 base score is 8.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its EPSS score of 0.0000 places it at the 0.2 percentile by exploit likelihood (far below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations this analysis identified are NIST SP 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and one other technique, External Remote Services (T1133). What defenders deploy: see the NIST SP 800-53 controls listed below.
Threat & Defense Details

Mitigating Controls (NIST SP 800-53 r5)

AC-3 Access Enforcement (prevent): Enforces approved authorizations for access to management interface functions, directly countering flaws in the SonicOS access control mechanism.

AC-14 Permitted Actions Without Identification or Authentication (prevent): Limits and documents the actions permitted without authentication, mitigating the CWE-306 missing authentication for critical management functions.

Least privilege (prevent): Restricts privileges to the minimum necessary, addressing the CWE-1390 (Weak Authentication) weakness in SonicOS management interfaces.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1133 External Remote Services (Initial Access, Persistence): Adversaries may leverage external-facing remote services to initially access and/or persist within a network.

Why these techniques?

Missing authentication on the management interface (CWE-306) directly enables exploitation of an exposed remote management service for unauthorized access, and an externally reachable management service is exactly the kind of remote service T1133 describes.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.

Deeper analysis

CVE-2026-0204 is a vulnerability in the access control mechanism of SonicOS, the operating system used in SonicWall firewalls and security appliances. It may allow certain management interface functions to be accessible under specific conditions. The issue is linked to CWE-306 (Missing Authentication for Critical Function) and CWE-1390 (Weak Authentication), with a CVSS v3.1 base score of 8.0 (AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The vulnerability was published on 2026-04-29.

The vector requires an attacker on an adjacent network (AV:A), that is, on a segment from which the management interface is reachable, with low attack complexity (AC:L) and no privileges (PR:N), but with some user interaction (UI:R). Successful exploitation has high impact on confidentiality, integrity, and availability (C:H/I:H/A:H) within an unchanged scope (S:U), potentially granting unauthorized access to sensitive management interface functions. Two practical points follow. The adjacency rating only holds while the management interface is confined to a dedicated management segment; enabling management on WAN or broadly routed interfaces puts an attacker in the position the vector assumes, which is also the situation the T1190 mapping presumes. And the user-interaction requirement means an administrator action is part of the exploit path, so the exposure is highest on appliances with administrators routinely logged in. Confirm which interfaces have management access enabled, and from which source addresses, before relying on the AV:A rating when prioritizing.

Mitigation details are provided in the SonicWall PSIRT advisory at https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0004.

Details

CWE(s)
CWE-306 Missing Authentication for Critical Function
CWE-1390 Weak Authentication

Affected Products
SonicWall SonicOS: ≤ 6.5.5.2-28n; 7.0.0.0 through 7.0.1-5169; 7.1.1-7040 through 7.3.2-7010
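As an added example (not code from this page or from SonicWall), the following parses SonicOS version strings of the form shown above and checks an inventory against the affected ranges exactly as the page lists them. It assumes the ranges are inclusive at both ends, that the numeric build after the hyphen orders within a release, and that a trailing letter such as the "n" in 6.5.5.2-28n sorts after the same build without a letter; the hostnames and versions in the sample inventory are constructed. The SonicWall advisory remains authoritative for which builds are fixed.

```python
"""Check SonicOS firmware versions against the affected ranges listed on the page.

Added example, not code from the page or from SonicWall. Range semantics (inclusive
bounds, build-number ordering, letter-suffix ordering) are this example's assumptions.
"""
import re
from typing import NamedTuple


class SonicOSVersion(NamedTuple):
    """Comparable form of a SonicOS version such as '7.0.1-5169' or '6.5.5.2-28n'.
    Tuple ordering compares release, then build, then suffix."""
    release: tuple  # dotted numeric components, right-padded with zeros to four
    build: int      # number after the hyphen; 0 when absent (e.g. '7.0.0.0')
    suffix: str     # trailing letters such as 'n'; '' when absent


_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-(\d+)([A-Za-z]*))?$")


def parse_version(text: str) -> SonicOSVersion:
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised SonicOS version string: {text!r}")
    release = tuple(int(part) for part in match.group(1).split("."))
    release = release + (0,) * (4 - len(release))
    build = int(match.group(2)) if match.group(2) else 0
    suffix = (match.group(3) or "").lower()
    return SonicOSVersion(release, build, suffix)


# The ranges as the page lists them; None means no lower bound. Assumed inclusive.
AFFECTED_RANGES = [
    (None, "6.5.5.2-28n"),
    ("7.0.0.0", "7.0.1-5169"),
    ("7.1.1-7040", "7.3.2-7010"),
]


def is_affected(version_text: str) -> bool:
    version = parse_version(version_text)
    for low, high in AFFECTED_RANGES:
        above_low = low is None or parse_version(low) <= version
        if above_low and version <= parse_version(high):
            return True
    return False


def triage(inventory: dict) -> dict:
    """Map host -> True (in a listed range), False (outside), or None (unparseable)."""
    result = {}
    for host, version_text in inventory.items():
        try:
            result[host] = is_affected(version_text)
        except ValueError:
            result[host] = None
    return result


# Constructed sample inventory; hostnames and versions are made up for this example.
SAMPLE_INVENTORY = {
    "fw-branch-01": "6.5.4.4-44n",
    "fw-dc-edge": "7.0.1-5169",
    "fw-dc-core": "7.3.2-7010",
    "fw-lab": "7.3.2-7011",
    "fw-unknown": "7.0.1_5169",
}

if __name__ == "__main__":
    labels = {True: "AFFECTED", False: "not in listed ranges", None: "unparseable version"}
    for host, state in triage(SAMPLE_INVENTORY).items():
        print(f"{host:14} {SAMPLE_INVENTORY[host]:14} {labels[state]}")
```

Note that a version falling in the gap between listed ranges (for example 7.0.1-5170 or 7.1.1-7039) is reported as "not in listed ranges" because that is what the page's data says; treat such a result as a prompt to read the advisory, not as a clean bill of health.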

CVEs Like This One

CVE-2024-53704 (same product: SonicWall NSA 2700)
CVE-2025-40600 (same product: SonicWall NSA 2700)
CVE-2025-23006 (same vendor: SonicWall)
CVE-2025-40599 (same vendor: SonicWall)
CVE-2025-40602 (same vendor: SonicWall)
CVE-2026-1453 (shared CWE-306)
CVE-2026-31882 (shared CWE-306)
CVE-2025-27642 (shared CWE-306)
CVE-2021-47891 (shared CWE-306)
CVE-2026-26340 (shared CWE-306)

References

SonicWall PSIRT advisory SNWLID-2026-0004: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0004