Description
A denial-of-service (DoS) vulnerability exists due to improper input validation in the SonicWall Email Security appliance, allowing a remote authenticated attacker as admin user to cause the application to become unresponsive.
Published: 2026-03-31
Score: 2.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

The identified vulnerability stems from inadequate input validation in the SonicWall Email Security appliance. An adversary who can authenticate as an administrator can exploit this weakness to force the application to cease responding, effectively degrading the service and potentially disrupting email flow for all users. The core weakness is characterized as CWE-20, improper input validation, which directly leads to a denial-of-service condition.

Affected Systems

The flaw affects the SonicWall Email Security product line, including the ESA5000, ESA5050, ESA7000, ESA7050, and ESA9000 appliance models. No specific version numbers are listed in the data, meaning that any firmware iteration of these appliances that has not been patched may be vulnerable.

Risk and Exploitability

The CVSS score of 2.7 indicates a low severity, and the EPSS score below 1% reflects a low likelihood of exploitation. The vulnerability is not currently listed in the CISA KEV catalog. Exploitation requires a remote authenticated session as an administrator, which limits its reach but still presents a significant risk inside compromised environments where privileged credentials may exist.

Generated by OpenCVE AI on April 13, 2026 at 18:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware or software update for the SonicWall Email Security appliance as released by the vendor.
  • Limit or disable administrative access to the appliance, ensuring that only a minimal set of trusted personnel have privileged credentials.
  • Monitor the appliance’s performance and logs for signs of application hangs or sudden unresponsiveness to detect attempted exploitation.

Advisories

No advisories yet.

History

Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title Denial of Service via Input Validation in SonicWall Email Security

Mon, 13 Apr 2026 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Sonicwall esa5000
Sonicwall esa5050
Sonicwall esa7000
Sonicwall esa7050
Sonicwall esa9000
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:esa5000:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:esa5050:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:esa7000:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:esa7050:-:*:*:*:*:*:*:*
cpe:2.3:h:sonicwall:esa9000:-:*:*:*:*:*:*:*
Vendors & Products Sonicwall esa5000
Sonicwall esa5050
Sonicwall esa7000
Sonicwall esa7050
Sonicwall esa9000

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title Denial of Service via Input Validation in SonicWall Email Security
First Time appeared Sonicwall
Sonicwall email Security
Vendors & Products Sonicwall
Sonicwall email Security

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Description A denial-of-service (DoS) vulnerability exists due to improper input validation in the SonicWall Email Security appliance, allowing a remote authenticated attacker as admin user to cause the application to become unresponsive.
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: sonicwall

Published:

Updated: 2026-03-31T20:34:53.148Z

Reserved: 2026-03-03T09:59:59.495Z

Link: CVE-2026-3469

Vulnrichment

Updated: 2026-03-31T20:34:49.288Z

NVD

Status: Analyzed

Published: 2026-03-31T21:16:33.163

Modified: 2026-04-13T16:49:49.573

Link: CVE-2026-3469

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-14T16:42:18Z

Weaknesses