CVE-2026-0205 - Vulnerability Details

- Post-Authentication Path Traversal in SonicOS Enabling Restricted Service Access

Description

A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services.

Published: 2026-04-29

Score: 6.8 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability is a path traversal flaw that exists after an attacker logs into the SonicOS device. By manipulating file paths, the attacker can reach and control services that are normally hidden or protected by the authentication layer. This allows the attacker to read or modify system configuration files and gain unauthorized access, potentially compromising confidentiality and integrity of the network infrastructure.

Affected Systems

The flaw is reported in SonicWall SonicOS, but no specific version or build numbers are listed in the CNA data. Administrators should review the SonicWall advisories to identify which firmware releases include the fix.

Risk and Exploitability

The CVSS score is 6.8, but the EPSS score is unavailable, making it unclear how often this vulnerability is exploited. The advisory does not state that the issue is in the CISA KEV catalog, so it is not known to be actively leveraged in the wild. Attackers would need to already have authenticated access to the device to exploit the path traversal; the failure to verify proper path sanitization provides a relatively low barrier to exploitation for a privileged user.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

SonicWall

SonicOS

unknown

Version	Status	Constraints
`6.5.5.1-6n and older versions`	affected	—
`7.0.1-5169 and older versions`	affected	—
`7.3.1-7013 and older versions`	affected	—
`8.1.0-8017 and older versions`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:sonicwall:nsa_2650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_3600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_3650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_4600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_4650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_5600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_5650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_6600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_6650:-:::::::*
	cpe:2.3:h:sonicwall:sm_9200:-:::::::*
	cpe:2.3:h:sonicwall:sm_9250:-:::::::*
	cpe:2.3:h:sonicwall:sm_9400:-:::::::*
	cpe:2.3:h:sonicwall:sm_9450:-:::::::*
	cpe:2.3:h:sonicwall:sm_9600:-:::::::*
	cpe:2.3:h:sonicwall:sm_9650:-:::::::*
	cpe:2.3:h:sonicwall:soho_250:-:::::::*
	cpe:2.3:h:sonicwall:soho_250w:-:::::::*
	cpe:2.3:h:sonicwall:sohow:-:::::::*
	cpe:2.3:h:sonicwall:tz_300:-:::::::*
	cpe:2.3:h:sonicwall:tz_300p:-:::::::*
	cpe:2.3:h:sonicwall:tz_300w:-:::::::*
	cpe:2.3:h:sonicwall:tz_350:-:::::::*
	cpe:2.3:h:sonicwall:tz_350w:-:::::::*
	cpe:2.3:h:sonicwall:tz_400:-:::::::*
	cpe:2.3:h:sonicwall:tz_400w:-:::::::*
	cpe:2.3:h:sonicwall:tz_500:-:::::::*
	cpe:2.3:h:sonicwall:tz_500w:-:::::::*
	cpe:2.3:h:sonicwall:tz_600:-:::::::*
	cpe:2.3:h:sonicwall:tz_600p:-:::::::*

Configuration 2 [-]

AND

OR	cpe:2.3:o:sonicwall:sonicos::::::::
	cpe:2.3:o:sonicwall:sonicos::::::::

OR	cpe:2.3:h:sonicwall:nsa_2700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_3700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_4700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_5700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_6700:-:::::::*
	cpe:2.3:h:sonicwall:nssp_10700:-:::::::*
	cpe:2.3:h:sonicwall:nssp_11700:-:::::::*
	cpe:2.3:h:sonicwall:nssp_13700:-:::::::*
	cpe:2.3:h:sonicwall:nssp_15700:-:::::::*
	cpe:2.3:h:sonicwall:nsv_270:-:::::::*
	cpe:2.3:h:sonicwall:nsv_470:-:::::::*
	cpe:2.3:h:sonicwall:nsv_870:-:::::::*
	cpe:2.3:h:sonicwall:tz270:-:::::::*
	cpe:2.3:h:sonicwall:tz270w:-:::::::*
	cpe:2.3:h:sonicwall:tz370:-:::::::*
	cpe:2.3:h:sonicwall:tz370w:-:::::::*
	cpe:2.3:h:sonicwall:tz470:-:::::::*
	cpe:2.3:h:sonicwall:tz470w:-:::::::*
	cpe:2.3:h:sonicwall:tz570:-:::::::*
	cpe:2.3:h:sonicwall:tz570p:-:::::::*
	cpe:2.3:h:sonicwall:tz570w:-:::::::*
	cpe:2.3:h:sonicwall:tz670:-:::::::*

Configuration 3 [-]

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:sonicwall:nsa_2800:-:::::::*
	cpe:2.3:h:sonicwall:nsa_3800:-:::::::*
	cpe:2.3:h:sonicwall:nsa_4800:-:::::::*
	cpe:2.3:h:sonicwall:nsa_5800:-:::::::*
	cpe:2.3:h:sonicwall:tz280:-:::::::*
	cpe:2.3:h:sonicwall:tz280w:-:::::::*
	cpe:2.3:h:sonicwall:tz380:-:::::::*
	cpe:2.3:h:sonicwall:tz380w:-:::::::*
	cpe:2.3:h:sonicwall:tz480:-:::::::*
	cpe:2.3:h:sonicwall:tz580:-:::::::*
	cpe:2.3:h:sonicwall:tz680:-:::::::*
	cpe:2.3:h:sonicwall:tz80:-:::::::*

No data.

Vendor Product Confidence Versions

Sonicwall

Sonicos

100%

Version	Status	Scheme	Platform
`[0,6.5.5.1-6n]`	affected	generic	['linux', 'gen6', 'gen7', 'gen8']
`[0,7.0.1-5169]`	affected	semver	['linux', 'gen6', 'gen7', 'gen8']
`[0,7.3.1-7013]`	affected	semver	['linux', 'gen6', 'gen8', 'gen7']
`[0,8.1.0-8017]`	affected	semver	['linux', 'gen6', 'gen7', 'gen8']

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update SonicOS firmware to the latest release that contains the path traversal fix.
Restrict administrative access to SonicOS through network segmentation and use VPN or a dedicated management VLAN.
Enable and monitor logging for file access anomalies on the device to detect potential unauthorized path traversal attempts.

Generated by OpenCVE AI on April 30, 2026 at 03:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00015.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0004

History

Tue, 05 May 2026 16:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Sonicwall nsa 2650 Sonicwall nsa 2700 Sonicwall nsa 2800 Sonicwall nsa 3600 Sonicwall nsa 3650 Sonicwall nsa 3700 Sonicwall nsa 3800 Sonicwall nsa 4600 Sonicwall nsa 4650 Sonicwall nsa 4700 Sonicwall nsa 4800 Sonicwall nsa 5600 Sonicwall nsa 5650 Sonicwall nsa 5700 Sonicwall nsa 5800 Sonicwall nsa 6600 Sonicwall nsa 6650 Sonicwall nsa 6700 Sonicwall nssp 10700 Sonicwall nssp 11700 Sonicwall nssp 13700 Sonicwall nssp 15700 Sonicwall nsv 270 Sonicwall nsv 470 Sonicwall nsv 870 Sonicwall sm 9200 Sonicwall sm 9250 Sonicwall sm 9400 Sonicwall sm 9450 Sonicwall sm 9600 Sonicwall sm 9650 Sonicwall soho 250 Sonicwall soho 250w Sonicwall sohow Sonicwall tz270 Sonicwall tz270w Sonicwall tz280 Sonicwall tz280w Sonicwall tz370 Sonicwall tz370w Sonicwall tz380 Sonicwall tz380w Sonicwall tz470 Sonicwall tz470w Sonicwall tz480 Sonicwall tz570 Sonicwall tz570p Sonicwall tz570w Sonicwall tz580 Sonicwall tz670 Sonicwall tz680 Sonicwall tz80 Sonicwall tz 300 Sonicwall tz 300p Sonicwall tz 300w Sonicwall tz 350 Sonicwall tz 350w Sonicwall tz 400 Sonicwall tz 400w Sonicwall tz 500 Sonicwall tz 500w Sonicwall tz 600 Sonicwall tz 600p
CPEs		cpe:2.3:h:sonicwall:nsa_2650:-:::::::* cpe:2.3:h:sonicwall:nsa_2700:-:::::::* cpe:2.3:h:sonicwall:nsa_2800:-:::::::* cpe:2.3:h:sonicwall:nsa_3600:-:::::::* cpe:2.3:h:sonicwall:nsa_3650:-:::::::* cpe:2.3:h:sonicwall:nsa_3700:-:::::::* cpe:2.3:h:sonicwall:nsa_3800:-:::::::* cpe:2.3:h:sonicwall:nsa_4600:-:::::::* cpe:2.3:h:sonicwall:nsa_4650:-:::::::* cpe:2.3:h:sonicwall:nsa_4700:-:::::::* cpe:2.3:h:sonicwall:nsa_4800:-:::::::* cpe:2.3:h:sonicwall:nsa_5600:-:::::::* cpe:2.3:h:sonicwall:nsa_5650:-:::::::* cpe:2.3:h:sonicwall:nsa_5700:-:::::::* cpe:2.3:h:sonicwall:nsa_5800:-:::::::* cpe:2.3:h:sonicwall:nsa_6600:-:::::::* cpe:2.3:h:sonicwall:nsa_6650:-:::::::* cpe:2.3:h:sonicwall:nsa_6700:-:::::::* cpe:2.3:h:sonicwall:nssp_10700:-:::::::* cpe:2.3:h:sonicwall:nssp_11700:-:::::::* cpe:2.3:h:sonicwall:nssp_13700:-:::::::* cpe:2.3:h:sonicwall:nssp_15700:-:::::::* cpe:2.3:h:sonicwall:nsv_270:-:::::::* cpe:2.3:h:sonicwall:nsv_470:-:::::::* cpe:2.3:h:sonicwall:nsv_870:-:::::::* cpe:2.3:h:sonicwall:sm_9200:-:::::::* cpe:2.3:h:sonicwall:sm_9250:-:::::::* cpe:2.3:h:sonicwall:sm_9400:-:::::::* cpe:2.3:h:sonicwall:sm_9450:-:::::::* cpe:2.3:h:sonicwall:sm_9600:-:::::::* cpe:2.3:h:sonicwall:sm_9650:-:::::::* cpe:2.3:h:sonicwall:soho_250:-:::::::* cpe:2.3:h:sonicwall:soho_250w:-:::::::* cpe:2.3:h:sonicwall:sohow:-:::::::* cpe:2.3:h:sonicwall:tz270:-:::::::* cpe:2.3:h:sonicwall:tz270w:-:::::::* cpe:2.3:h:sonicwall:tz280:-:::::::* cpe:2.3:h:sonicwall:tz280w:-:::::::* cpe:2.3:h:sonicwall:tz370:-:::::::* cpe:2.3:h:sonicwall:tz370w:-:::::::* cpe:2.3:h:sonicwall:tz380:-:::::::* cpe:2.3:h:sonicwall:tz380w:-:::::::* cpe:2.3:h:sonicwall:tz470:-:::::::* cpe:2.3:h:sonicwall:tz470w:-:::::::* cpe:2.3:h:sonicwall:tz480:-:::::::* cpe:2.3:h:sonicwall:tz570:-:::::::* cpe:2.3:h:sonicwall:tz570p:-:::::::* cpe:2.3:h:sonicwall:tz570w:-:::::::* cpe:2.3:h:sonicwall:tz580:-:::::::* cpe:2.3:h:sonicwall:tz670:-:::::::* cpe:2.3:h:sonicwall:tz680:-:::::::* cpe:2.3:h:sonicwall:tz80:-:::::::* cpe:2.3:h:sonicwall:tz_300:-:::::::* cpe:2.3:h:sonicwall:tz_300p:-:::::::* cpe:2.3:h:sonicwall:tz_300w:-:::::::* cpe:2.3:h:sonicwall:tz_350:-:::::::* cpe:2.3:h:sonicwall:tz_350w:-:::::::* cpe:2.3:h:sonicwall:tz_400:-:::::::* cpe:2.3:h:sonicwall:tz_400w:-:::::::* cpe:2.3:h:sonicwall:tz_500:-:::::::* cpe:2.3:h:sonicwall:tz_500w:-:::::::* cpe:2.3:h:sonicwall:tz_600:-:::::::* cpe:2.3:h:sonicwall:tz_600p:-:::::::* cpe:2.3:o:sonicwall:sonicos::::::::
Vendors & Products		Sonicwall nsa 2650 Sonicwall nsa 2700 Sonicwall nsa 2800 Sonicwall nsa 3600 Sonicwall nsa 3650 Sonicwall nsa 3700 Sonicwall nsa 3800 Sonicwall nsa 4600 Sonicwall nsa 4650 Sonicwall nsa 4700 Sonicwall nsa 4800 Sonicwall nsa 5600 Sonicwall nsa 5650 Sonicwall nsa 5700 Sonicwall nsa 5800 Sonicwall nsa 6600 Sonicwall nsa 6650 Sonicwall nsa 6700 Sonicwall nssp 10700 Sonicwall nssp 11700 Sonicwall nssp 13700 Sonicwall nssp 15700 Sonicwall nsv 270 Sonicwall nsv 470 Sonicwall nsv 870 Sonicwall sm 9200 Sonicwall sm 9250 Sonicwall sm 9400 Sonicwall sm 9450 Sonicwall sm 9600 Sonicwall sm 9650 Sonicwall soho 250 Sonicwall soho 250w Sonicwall sohow Sonicwall tz270 Sonicwall tz270w Sonicwall tz280 Sonicwall tz280w Sonicwall tz370 Sonicwall tz370w Sonicwall tz380 Sonicwall tz380w Sonicwall tz470 Sonicwall tz470w Sonicwall tz480 Sonicwall tz570 Sonicwall tz570p Sonicwall tz570w Sonicwall tz580 Sonicwall tz670 Sonicwall tz680 Sonicwall tz80 Sonicwall tz 300 Sonicwall tz 300p Sonicwall tz 300w Sonicwall tz 350 Sonicwall tz 350w Sonicwall tz 400 Sonicwall tz 400w Sonicwall tz 500 Sonicwall tz 500w Sonicwall tz 600 Sonicwall tz 600p

Thu, 30 Apr 2026 04:15:00 +0000

Type	Values Removed	Values Added
Title		Post-Authentication Path Traversal in SonicOS Enabling Restricted Service Access

Wed, 29 Apr 2026 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Sonicwall Sonicwall sonicos
Vendors & Products		Sonicwall Sonicwall sonicos

Wed, 29 Apr 2026 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 6.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 29 Apr 2026 16:45:00 +0000

Type	Values Removed	Values Added
Description		A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services.
Weaknesses		CWE-35
References		https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0004

Subscriptions

Sonicwall Nsa 2650 Nsa 2700 Nsa 2800 Nsa 3600 Nsa 3650 Nsa 3700 Nsa 3800 Nsa 4600 Nsa 4650 Nsa 4700 Nsa 4800 Nsa 5600 Nsa 5650 Nsa 5700 Nsa 5800 Nsa 6600 Nsa 6650 Nsa 6700 Nssp 10700 Nssp 11700 Nssp 13700 Nssp 15700 Nsv 270 Nsv 470 Nsv 870 Sm 9200 Sm 9250 Sm 9400 Sm 9450 Sm 9600 Sm 9650 Soho 250 Soho 250w Sohow Sonicos Tz270 Tz270w Tz280 Tz280w Tz370 Tz370w Tz380 Tz380w Tz470 Tz470w Tz480 Tz570 Tz570p Tz570w Tz580 Tz670 Tz680 Tz80 Tz 300 Tz 300p Tz 300w Tz 350 Tz 350w Tz 400 Tz 400w Tz 500 Tz 500w Tz 600 Tz 600p

MITRE

Status: PUBLISHED

Assigner: sonicwall

Published: 2026-04-29T16:18:45.856Z

Updated: 2026-04-29T16:59:41.635Z

Reserved: 2025-10-30T10:54:31.125Z

Link: CVE-2026-0205

Vulnrichment

Updated: 2026-04-29T16:59:34.204Z

NVD

Status : Analyzed

Published: 2026-04-29T17:16:40.480

Modified: 2026-05-05T16:12:02.093

Link: CVE-2026-0205

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T04:00:15Z

Weaknesses

CWE-35

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object