NULL pointer dereference in Sonicwall Sonicos

CVE-2026-0401

A post-authentication NULL Pointer Dereference vulnerability in SonicOS allows a remote attacker to crash a firewall.

EPSS: 0.004 (58.1th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Sonicos — versions 7.0.1-5169 and older versions, 7.3.1-7013 and older versions, 8.1.0-8017 and older versions

Weakness classification (CWE)

CWE-476 — NULL Pointer Dereference

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0001 (vendor-advisory)