
SonicWall patches three SonicOS flaws in Gen 6, 7 and 8 firewalls. Patch them now


SonicWall patches three SonicOS flaws in Gen 6, 7 and 8 firewalls. The company released firmware updates to block bypass attacks and unauthorized access.

SonicWall released urgent firmware updates to fix three SonicOS vulnerabilities affecting Gen 6, Gen 7, and Gen 8 firewalls. The flaws could allow attackers to bypass security controls, access restricted services, and crash devices. One vulnerability is rated high severity, two are medium.

Users are strongly urged to apply the fixes immediately to keep their systems protected.

The most severe vulnerability, tracked as CVE-2026-0204 (CVSS score of 8.0), is an improper access control issue in SonicOS.

“A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions,” reads the advisory.

The second issue addressed by the vendor, tracked as CVE-2026-0205 (CVSS score of 6.8), is a post-authentication path traversal flaw in SonicOS. An attacker can exploit the flaw to interact with services that are normally restricted.

The last issue fixed by SonicWall, tracked as CVE-2026-0206 (CVSS score of 6.8), is a post-authentication stack-based buffer overflow vulnerability in SonicOS.

“A post-authentication Stack-based Buffer Overflow vulnerability in SonicOS allows a remote attacker to crash a firewall,” reads the advisory.

The three flaws affect appliances running firmware up to 6.5.5.1-6n, 7.0.1-5169, 7.3.1-7013, and 8.1.0-8017. Versions 6.5.5.2-28n, 7.3.2-7010, and 8.2.0-8009 address the flaws.
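To triage a fleet against the versions above, the following added example (not code from SonicWall or from this article) classifies an inventory of firmware strings. The hostnames and the inventory are constructed, and it assumes that any build below the fixed release on the same major version needs the update.

```python
import re

# Fixed releases named in the article, keyed by SonicOS major version.
FIXED = {6: "6.5.5.2-28n", 7: "7.3.2-7010", 8: "8.2.0-8009"}

# Constructed sample inventory: hostnames are made up; versions are the
# article's affected and fixed builds plus one unparseable entry.
INVENTORY = {
    "fw-branch-01": "6.5.5.1-6n",
    "fw-branch-02": "SonicOS 6.5.5.2-28n",
    "fw-dc-01": "7.0.1-5169",
    "fw-dc-02": "7.3.1-7013",
    "fw-dc-03": "7.3.2-7010",
    "fw-edge-01": "8.1.0-8017",
    "fw-lab-01": "n/a",
}

def parse(version):
    """Parse '7.3.1-7013' or '6.5.5.1-6n' into ((7, 3, 1), 7013)."""
    m = re.search(r"(\d+(?:\.\d+)+)-(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised firmware string: {version!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2))

def triage(inventory):
    """Map each device to 'patched', 'vulnerable' or 'unknown'."""
    result = {}
    for name, firmware in inventory.items():
        try:
            ver = parse(firmware)
        except ValueError:
            result[name] = "unknown"      # needs a manual check
            continue
        fixed = FIXED.get(ver[0][0])      # look up by major version
        if fixed is None:
            result[name] = "unknown"      # generation not covered here
        elif ver >= parse(fixed):         # assumption: newer builds keep the fix
            result[name] = "patched"
        else:
            result[name] = "vulnerable"
    return result

if __name__ == "__main__":
    for name, status in triage(INVENTORY).items():
        print(f"{name:14} {INVENTORY[name]:22} {status}")
```

Devices reported as `unknown` should be checked by hand rather than assumed safe.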

The company recommends that customers update immediately or, until patching is possible, limit management to SSH by disabling HTTP/HTTPS management and SSLVPN on all interfaces.

“Until the below patches can be applied and all affected versions are fixed, SonicWall PSIRT strongly recommends that administrators fully disable HTTP/HTTPS-based firewall management and SSLVPN on all interfaces, and restrict management access to SSH only,” concludes the advisory.

At this time, there is no evidence that the security flaws have been exploited in the wild.


Pierluigi Paganini

(SecurityAffairs – hacking, SonicOS)