QwikSec

Security Database

CVE

CWE

Training

CVE-2026-4112

Published: Apr 9, 2026

Modified: May 10, 2026

PUBLISHED

Description

Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator.

Vendor	Product	Versions
SonicWall	SMA1000	affected `12.4.3-03245 (platform-hotfix) and earlier versions.` affected `12.5.0-02283 (platform-hotfix) and earlier versions.`

Weaknesses (CWE)

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0003

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.