Home

Description

A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall.

PUBLISHED Reserved 2025-12-02 | Published 2026-02-24 | Updated 2026-02-24 | Assigner sonicwall

Problem types

CWE-134 Use of Externally-Controlled Format String

Product status

Default status
unknown

7.0.1-5169 and older versions
affected

7.3.1-7013 and older versions
affected

8.1.0-8017 and older versions
affected

Credits

Vang3lis and Heuzoo of VARAS@IIE finder

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0001 vendor-advisory

cve.org (CVE-2026-0400)

nvd.nist.gov (CVE-2026-0400)

Download JSON