Vulnerability in Sonicwall Sonicos

CVE-2026-0400

A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall.

EPSS: 0.003 (49.6th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Sonicos — versions 7.0.1-5169 and older versions, 7.3.1-7013 and older versions, 8.1.0-8017 and older versions

Weakness classification (CWE)

CWE-134 — Use of Externally-Controlled Format String

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0001 (vendor-advisory)