SonicWall has released a critical security advisory addressing three distinct vulnerabilities in SonicOS that could allow attackers to bypass access controls, traverse restricted paths, or crash firewalls entirely. The most severe of the trio, CVE-2026-0204, carries a CVSS score of 8.0 and involves an improper access control flaw that could expose management interface functions under specific conditions.
The vulnerabilities affect a massive range of hardware, spanning from Gen6 legacy devices to the latest Gen8 firewalls.
The advisory details three primary threats to SonicOS environments:
- Improper Access Control (CVE-2026-0204): A weak authentication issue that may grant unauthorized access to sensitive management functions.
- Post-Authentication Path Traversal (CVE-2026-0205): With a CVSS score of 6.8, this flaw allows an attacker to interact with services that are usually restricted.
- Stack-based Buffer Overflow (CVE-2026-0206): A remote attacker can trigger this vulnerability to crash the firewall, leading to a denial-of-service condition.
The affected products and their fixed firmware versions are:

| Hardware Generation | Affected Versions | Fixed Firmware |
| --- | --- | --- |
| Gen6 (TZ, NSA, SM Series) | 6.5.5.1-6n and older | 6.5.5.2-28n |
| Gen7 (TZ, NSa, NSsp, NSv) | 7.0.1-5169 / 7.3.1-7013 and older | 7.3.2-7010 |
| Gen8 (TZ80 – NSa 5800) | 8.1.0-8017 and older | 8.2.0-8009 |

For administrators unable to apply patches immediately, SonicWall PSIRT “strongly recommends” fully disabling HTTP/HTTPS-based firewall management and SSLVPN on all interfaces. Management access should be strictly restricted to SSH in the interim.
Administrators should proceed with caution regarding the Gen6 update. SonicWall notes that “downgrading from 6.5.5.2-28n to any prior firmware version is not supported”. Attempting a downgrade can result in a complete reset of all MFA settings and the deletion of all LDAP users.
A full configuration backup is “strongly recommended” before any upgrade attempt.
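
To apply the table and the interim guidance across a fleet, the following added example (not from SonicWall or the original article) triages an inventory export against the fixed firmware versions. The inventory field names (`host`, `firmware`, `https_mgmt`, `sslvpn`) and the sample records are constructed, and the script assumes that any build ordered below the fixed version within the same generation is affected.

```python
import re

# Fixed firmware per generation, taken from the advisory table on this page.
FIXED = {6: "6.5.5.2-28n", 7: "7.3.2-7010", 8: "8.2.0-8009"}
# Matches 7.0.1-5169 as well as the four-part Gen6 form 6.5.5.1-6n.
_VER = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?-(\d+)n?")

def parse_version(text):
    """Return (major, minor, patch, rev, build), or None if unparsable."""
    m = _VER.search(text or "")
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())

def triage(device):
    """Classify one inventory record (hypothetical field names)."""
    ver = parse_version(device.get("firmware"))
    if ver is None or ver[0] not in FIXED:
        return "unknown: check manually"
    fixed = FIXED[ver[0]]
    if ver >= parse_version(fixed):
        return "patched"
    # Interim mitigation from the advisory: web management and SSLVPN off.
    # A missing field is treated as enabled so it is not silently skipped.
    exposed = [svc for svc in ("https_mgmt", "sslvpn") if device.get(svc, True)]
    action = f"upgrade to {fixed}"
    if ver[0] == 6:
        action += " (back up config first; downgrade is not supported)"
    if exposed:
        action += "; disable " + " and ".join(exposed) + " until patched"
    return "vulnerable: " + action

# Constructed sample inventory, not real devices.
INVENTORY = [
    {"host": "fw-branch-01", "firmware": "6.5.5.1-6n", "https_mgmt": True, "sslvpn": False},
    {"host": "fw-hq-01", "firmware": "SonicOS 7.0.1-5169", "https_mgmt": False, "sslvpn": False},
    {"host": "fw-dc-01", "firmware": "8.2.0-8009", "https_mgmt": True, "sslvpn": True},
    {"host": "fw-lab-01", "firmware": "n/a"},
]

def report(inventory=INVENTORY):
    """Map each host to its triage result."""
    return {d["host"]: triage(d) for d in inventory}

if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host}: {status}")
```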