CVE-2026-0206 - Vulnerability Details

- Post‑Authentication Buffer Overflow in SonicOS Causes Firewall Crash

Description

A post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewall.

Published: 2026-04-29

Score: 4.9 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A stack‑based buffer overflow in SonicOS requires the attacker to be authenticated and results in the crash of a firewall device. The detailed description states that the flaw causes a device reset rather than granting code execution, so the primary consequence is an interruption of network services. The exploited vulnerability is a classic CWE‑121 type overflow, implying insufficient bounds checking in a critical subsystem.

Affected Systems

The vulnerability affects SonicWall devices running the SonicOS operating system. No specific firmware or hardware versions are disclosed in the available data, so all SonicOS installations are potentially at risk until an update is applied.

Risk and Exploitability

Since the flaw is post‑authentication, an attacker must first obtain valid credentials to reach the vulnerable code path. The CVSS score of 4.9 indicates moderate overall risk, and the EPSS score is not available. The vulnerability is not listed in the CISA KEV catalog. Because the exploit would only terminate the device’s operation, the impact is limited to availability, but it could disrupt critical traffic if the system is not redundant, thus representing a significant risk to operational continuity.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

SonicWall

SonicOS

unknown

Version	Status	Constraints
`6.5.5.1-6n and older versions`	affected	—
`7.0.1-5169 and older versions`	affected	—
`7.3.1-7013 and older versions`	affected	—
`8.1.0-8017 and older versions`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:sonicwall:nsa_2650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_3600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_3650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_4600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_4650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_5600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_5650:-:::::::*
	cpe:2.3:h:sonicwall:nsa_6600:-:::::::*
	cpe:2.3:h:sonicwall:nsa_6650:-:::::::*
	cpe:2.3:h:sonicwall:sm_9200:-:::::::*
	cpe:2.3:h:sonicwall:sm_9250:-:::::::*
	cpe:2.3:h:sonicwall:sm_9400:-:::::::*
	cpe:2.3:h:sonicwall:sm_9450:-:::::::*
	cpe:2.3:h:sonicwall:sm_9600:-:::::::*
	cpe:2.3:h:sonicwall:sm_9650:-:::::::*
	cpe:2.3:h:sonicwall:soho_250:-:::::::*
	cpe:2.3:h:sonicwall:soho_250w:-:::::::*
	cpe:2.3:h:sonicwall:sohow:-:::::::*
	cpe:2.3:h:sonicwall:tz_300:-:::::::*
	cpe:2.3:h:sonicwall:tz_300p:-:::::::*
	cpe:2.3:h:sonicwall:tz_300w:-:::::::*
	cpe:2.3:h:sonicwall:tz_350:-:::::::*
	cpe:2.3:h:sonicwall:tz_350w:-:::::::*
	cpe:2.3:h:sonicwall:tz_400:-:::::::*
	cpe:2.3:h:sonicwall:tz_400w:-:::::::*
	cpe:2.3:h:sonicwall:tz_500:-:::::::*
	cpe:2.3:h:sonicwall:tz_500w:-:::::::*
	cpe:2.3:h:sonicwall:tz_600:-:::::::*
	cpe:2.3:h:sonicwall:tz_600p:-:::::::*

Configuration 2 [-]

AND

OR	cpe:2.3:o:sonicwall:sonicos::::::::
	cpe:2.3:o:sonicwall:sonicos::::::::

OR	cpe:2.3:h:sonicwall:nsa_2700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_3700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_4700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_5700:-:::::::*
	cpe:2.3:h:sonicwall:nsa_6700:-:::::::*
	cpe:2.3:h:sonicwall:nssp_10700:-:::::::*
	cpe:2.3:h:sonicwall:nssp_11700:-:::::::*
	cpe:2.3:h:sonicwall:nssp_13700:-:::::::*
	cpe:2.3:h:sonicwall:nssp_15700:-:::::::*
	cpe:2.3:h:sonicwall:nsv_270:-:::::::*
	cpe:2.3:h:sonicwall:nsv_470:-:::::::*
	cpe:2.3:h:sonicwall:nsv_870:-:::::::*
	cpe:2.3:h:sonicwall:tz270:-:::::::*
	cpe:2.3:h:sonicwall:tz270w:-:::::::*
	cpe:2.3:h:sonicwall:tz370:-:::::::*
	cpe:2.3:h:sonicwall:tz370w:-:::::::*
	cpe:2.3:h:sonicwall:tz470:-:::::::*
	cpe:2.3:h:sonicwall:tz470w:-:::::::*
	cpe:2.3:h:sonicwall:tz570:-:::::::*
	cpe:2.3:h:sonicwall:tz570p:-:::::::*
	cpe:2.3:h:sonicwall:tz570w:-:::::::*
	cpe:2.3:h:sonicwall:tz670:-:::::::*

Configuration 3 [-]

AND

cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:sonicwall:nsa_2800:-:::::::*
	cpe:2.3:h:sonicwall:nsa_3800:-:::::::*
	cpe:2.3:h:sonicwall:nsa_4800:-:::::::*
	cpe:2.3:h:sonicwall:nsa_5800:-:::::::*
	cpe:2.3:h:sonicwall:tz280:-:::::::*
	cpe:2.3:h:sonicwall:tz280w:-:::::::*
	cpe:2.3:h:sonicwall:tz380:-:::::::*
	cpe:2.3:h:sonicwall:tz380w:-:::::::*
	cpe:2.3:h:sonicwall:tz480:-:::::::*
	cpe:2.3:h:sonicwall:tz580:-:::::::*
	cpe:2.3:h:sonicwall:tz680:-:::::::*
	cpe:2.3:h:sonicwall:tz80:-:::::::*

No data.

Vendor Product Confidence Versions

Sonicwall

Sonicos

100%

Version	Status	Scheme	Platform
`[0,6.5.5.1-6n]`	affected	generic	['linux', 'gen6', 'gen7', 'gen8']
`[0,7.0.1-5169]`	affected	generic	['linux', 'gen6', 'gen7', 'gen8']
`[0,7.3.1-7013]`	affected	generic	['linux', 'gen6', 'gen7', 'gen8']
`[0,8.1.0-8017]`	affected	generic	['linux', 'gen6', 'gen7', 'gen8']

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Download and install the latest SonicOS firmware release that contains the buffer‑overflow fix from the SonicWall support portal.
Restrict administrative access to the firewall by limiting management interfaces to a secure, isolated network segment, enforce least‑privilege user accounts, and enable multi‑factor authentication to reduce the chance of credential compromise.
Set up monitoring for firewall restarts or service interruptions, and configure automatic fail‑over or manual reboot procedures to restore connectivity promptly when a crash occurs.

Generated by OpenCVE AI on April 30, 2026 at 14:00 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0018.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0004

History

Tue, 05 May 2026 16:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Sonicwall nsa 2650 Sonicwall nsa 2700 Sonicwall nsa 2800 Sonicwall nsa 3600 Sonicwall nsa 3650 Sonicwall nsa 3700 Sonicwall nsa 3800 Sonicwall nsa 4600 Sonicwall nsa 4650 Sonicwall nsa 4700 Sonicwall nsa 4800 Sonicwall nsa 5600 Sonicwall nsa 5650 Sonicwall nsa 5700 Sonicwall nsa 5800 Sonicwall nsa 6600 Sonicwall nsa 6650 Sonicwall nsa 6700 Sonicwall nssp 10700 Sonicwall nssp 11700 Sonicwall nssp 13700 Sonicwall nssp 15700 Sonicwall nsv 270 Sonicwall nsv 470 Sonicwall nsv 870 Sonicwall sm 9200 Sonicwall sm 9250 Sonicwall sm 9400 Sonicwall sm 9450 Sonicwall sm 9600 Sonicwall sm 9650 Sonicwall soho 250 Sonicwall soho 250w Sonicwall sohow Sonicwall tz270 Sonicwall tz270w Sonicwall tz280 Sonicwall tz280w Sonicwall tz370 Sonicwall tz370w Sonicwall tz380 Sonicwall tz380w Sonicwall tz470 Sonicwall tz470w Sonicwall tz480 Sonicwall tz570 Sonicwall tz570p Sonicwall tz570w Sonicwall tz580 Sonicwall tz670 Sonicwall tz680 Sonicwall tz80 Sonicwall tz 300 Sonicwall tz 300p Sonicwall tz 300w Sonicwall tz 350 Sonicwall tz 350w Sonicwall tz 400 Sonicwall tz 400w Sonicwall tz 500 Sonicwall tz 500w Sonicwall tz 600 Sonicwall tz 600p
CPEs		cpe:2.3:h:sonicwall:nsa_2650:-:::::::* cpe:2.3:h:sonicwall:nsa_2700:-:::::::* cpe:2.3:h:sonicwall:nsa_2800:-:::::::* cpe:2.3:h:sonicwall:nsa_3600:-:::::::* cpe:2.3:h:sonicwall:nsa_3650:-:::::::* cpe:2.3:h:sonicwall:nsa_3700:-:::::::* cpe:2.3:h:sonicwall:nsa_3800:-:::::::* cpe:2.3:h:sonicwall:nsa_4600:-:::::::* cpe:2.3:h:sonicwall:nsa_4650:-:::::::* cpe:2.3:h:sonicwall:nsa_4700:-:::::::* cpe:2.3:h:sonicwall:nsa_4800:-:::::::* cpe:2.3:h:sonicwall:nsa_5600:-:::::::* cpe:2.3:h:sonicwall:nsa_5650:-:::::::* cpe:2.3:h:sonicwall:nsa_5700:-:::::::* cpe:2.3:h:sonicwall:nsa_5800:-:::::::* cpe:2.3:h:sonicwall:nsa_6600:-:::::::* cpe:2.3:h:sonicwall:nsa_6650:-:::::::* cpe:2.3:h:sonicwall:nsa_6700:-:::::::* cpe:2.3:h:sonicwall:nssp_10700:-:::::::* cpe:2.3:h:sonicwall:nssp_11700:-:::::::* cpe:2.3:h:sonicwall:nssp_13700:-:::::::* cpe:2.3:h:sonicwall:nssp_15700:-:::::::* cpe:2.3:h:sonicwall:nsv_270:-:::::::* cpe:2.3:h:sonicwall:nsv_470:-:::::::* cpe:2.3:h:sonicwall:nsv_870:-:::::::* cpe:2.3:h:sonicwall:sm_9200:-:::::::* cpe:2.3:h:sonicwall:sm_9250:-:::::::* cpe:2.3:h:sonicwall:sm_9400:-:::::::* cpe:2.3:h:sonicwall:sm_9450:-:::::::* cpe:2.3:h:sonicwall:sm_9600:-:::::::* cpe:2.3:h:sonicwall:sm_9650:-:::::::* cpe:2.3:h:sonicwall:soho_250:-:::::::* cpe:2.3:h:sonicwall:soho_250w:-:::::::* cpe:2.3:h:sonicwall:sohow:-:::::::* cpe:2.3:h:sonicwall:tz270:-:::::::* cpe:2.3:h:sonicwall:tz270w:-:::::::* cpe:2.3:h:sonicwall:tz280:-:::::::* cpe:2.3:h:sonicwall:tz280w:-:::::::* cpe:2.3:h:sonicwall:tz370:-:::::::* cpe:2.3:h:sonicwall:tz370w:-:::::::* cpe:2.3:h:sonicwall:tz380:-:::::::* cpe:2.3:h:sonicwall:tz380w:-:::::::* cpe:2.3:h:sonicwall:tz470:-:::::::* cpe:2.3:h:sonicwall:tz470w:-:::::::* cpe:2.3:h:sonicwall:tz480:-:::::::* cpe:2.3:h:sonicwall:tz570:-:::::::* cpe:2.3:h:sonicwall:tz570p:-:::::::* cpe:2.3:h:sonicwall:tz570w:-:::::::* cpe:2.3:h:sonicwall:tz580:-:::::::* cpe:2.3:h:sonicwall:tz670:-:::::::* cpe:2.3:h:sonicwall:tz680:-:::::::* cpe:2.3:h:sonicwall:tz80:-:::::::* cpe:2.3:h:sonicwall:tz_300:-:::::::* cpe:2.3:h:sonicwall:tz_300p:-:::::::* cpe:2.3:h:sonicwall:tz_300w:-:::::::* cpe:2.3:h:sonicwall:tz_350:-:::::::* cpe:2.3:h:sonicwall:tz_350w:-:::::::* cpe:2.3:h:sonicwall:tz_400:-:::::::* cpe:2.3:h:sonicwall:tz_400w:-:::::::* cpe:2.3:h:sonicwall:tz_500:-:::::::* cpe:2.3:h:sonicwall:tz_500w:-:::::::* cpe:2.3:h:sonicwall:tz_600:-:::::::* cpe:2.3:h:sonicwall:tz_600p:-:::::::* cpe:2.3:o:sonicwall:sonicos::::::::
Vendors & Products		Sonicwall nsa 2650 Sonicwall nsa 2700 Sonicwall nsa 2800 Sonicwall nsa 3600 Sonicwall nsa 3650 Sonicwall nsa 3700 Sonicwall nsa 3800 Sonicwall nsa 4600 Sonicwall nsa 4650 Sonicwall nsa 4700 Sonicwall nsa 4800 Sonicwall nsa 5600 Sonicwall nsa 5650 Sonicwall nsa 5700 Sonicwall nsa 5800 Sonicwall nsa 6600 Sonicwall nsa 6650 Sonicwall nsa 6700 Sonicwall nssp 10700 Sonicwall nssp 11700 Sonicwall nssp 13700 Sonicwall nssp 15700 Sonicwall nsv 270 Sonicwall nsv 470 Sonicwall nsv 870 Sonicwall sm 9200 Sonicwall sm 9250 Sonicwall sm 9400 Sonicwall sm 9450 Sonicwall sm 9600 Sonicwall sm 9650 Sonicwall soho 250 Sonicwall soho 250w Sonicwall sohow Sonicwall tz270 Sonicwall tz270w Sonicwall tz280 Sonicwall tz280w Sonicwall tz370 Sonicwall tz370w Sonicwall tz380 Sonicwall tz380w Sonicwall tz470 Sonicwall tz470w Sonicwall tz480 Sonicwall tz570 Sonicwall tz570p Sonicwall tz570w Sonicwall tz580 Sonicwall tz670 Sonicwall tz680 Sonicwall tz80 Sonicwall tz 300 Sonicwall tz 300p Sonicwall tz 300w Sonicwall tz 350 Sonicwall tz 350w Sonicwall tz 400 Sonicwall tz 400w Sonicwall tz 500 Sonicwall tz 500w Sonicwall tz 600 Sonicwall tz 600p

Thu, 30 Apr 2026 14:15:00 +0000

Type	Values Removed	Values Added
Title		Post‑Authentication Buffer Overflow in SonicOS Causes Firewall Crash

Wed, 29 Apr 2026 18:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Sonicwall Sonicwall sonicos
Vendors & Products		Sonicwall Sonicwall sonicos

Wed, 29 Apr 2026 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 29 Apr 2026 16:45:00 +0000

Type	Values Removed	Values Added
Description		A post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewall.
Weaknesses		CWE-121
References		https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0004

Subscriptions

Sonicwall Nsa 2650 Nsa 2700 Nsa 2800 Nsa 3600 Nsa 3650 Nsa 3700 Nsa 3800 Nsa 4600 Nsa 4650 Nsa 4700 Nsa 4800 Nsa 5600 Nsa 5650 Nsa 5700 Nsa 5800 Nsa 6600 Nsa 6650 Nsa 6700 Nssp 10700 Nssp 11700 Nssp 13700 Nssp 15700 Nsv 270 Nsv 470 Nsv 870 Sm 9200 Sm 9250 Sm 9400 Sm 9450 Sm 9600 Sm 9650 Soho 250 Soho 250w Sohow Sonicos Tz270 Tz270w Tz280 Tz280w Tz370 Tz370w Tz380 Tz380w Tz470 Tz470w Tz480 Tz570 Tz570p Tz570w Tz580 Tz670 Tz680 Tz80 Tz 300 Tz 300p Tz 300w Tz 350 Tz 350w Tz 400 Tz 400w Tz 500 Tz 500w Tz 600 Tz 600p

MITRE

Status: PUBLISHED

Assigner: sonicwall

Published: 2026-04-29T16:21:40.001Z

Updated: 2026-04-29T17:00:31.592Z

Reserved: 2025-10-30T10:54:33.982Z

Link: CVE-2026-0206

Vulnrichment

Updated: 2026-04-29T17:00:24.191Z

NVD

Status : Analyzed

Published: 2026-04-29T17:16:40.633

Modified: 2026-05-05T16:12:30.503

Link: CVE-2026-0206

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T14:00:22Z

Weaknesses

CWE-121

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object