Improper input validation in Sonicwall Email Security

CVE-2026-3469

A denial-of-service (DoS) vulnerability exists due to improper input validation in the SonicWall Email Security appliance, allowing a remote authenticated attacker as admin user to cause the application to become unresponsive.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.001 (16.4th percentile) — read the EPSS interpretation.

Affected products

Sonicwall Email Security — versions 10.0.34.8215 and earlier versions, 10.0.34.8223 and earlier versions

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0002 (vendor-advisory)