=====================================================================
                            CERT-Renater

                  Information Note No. 2026/VULN210
_____________________________________________________________________

DATE                 : 24/02/2026

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : SonicOS.

=====================================================================
https://psirt.global.sonicwall.com/vuln-list
_____________________________________________________________________

SonicOS multiple post-authentication vulnerabilities

Overview

Advisory ID     : SNWLID-2026-0001
First Published : 2026-02-24
Last Updated    : 2026-02-24
Workaround      : false
Status          : Applicable
CVE             : CVE-2026-0399, CVE-2026-0400, CVE-2026-0401, CVE-2026-0402
CWE             : CWE-121, CWE-134, CWE-476, CWE-125
CVSS v3         : 4.9
CVSS Vector     : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Summary

1) CVE-2026-0399 - Multiple SonicOS post-authentication Stack-based
   Buffer Overflow vulnerabilities

Multiple post-authentication Stack-based Buffer Overflow
vulnerabilities in SonicOS allow a remote attacker to crash a
firewall.

CVSS Score: 4.9
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE-121: Stack-based Buffer Overflow

2) CVE-2026-0400 - SonicOS post-authentication Format String
   vulnerability

A post-authentication Format String vulnerability in SonicOS allows a
remote attacker to crash a firewall.

CVSS Score: 4.9
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE-134: Use of Externally-Controlled Format String

3) CVE-2026-0401 - SonicOS post-authentication NULL Pointer
   Dereference vulnerability

A post-authentication NULL Pointer Dereference vulnerability in
SonicOS allows a remote attacker to crash a firewall.
CVSS Score: 4.9
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE-476: NULL Pointer Dereference

4) CVE-2026-0402 - SonicOS post-authentication Out-of-bounds Read
   vulnerability

A post-authentication Out-of-bounds Read vulnerability in SonicOS
allows a remote attacker to crash a firewall.

CVSS Score: 4.9
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE-125: Out-of-bounds Read

Affected Product(s)

Affected Platform(s):
  Gen7 hardware Firewalls - TZ270, TZ270W, TZ370, TZ370W, TZ470,
  TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700,
  NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700
  Gen7 virtual Firewalls (NSv) - NSv270, NSv470, NSv870
  (ESX, KVM, HYPER-V, AWS, Azure)
Affected Version(s):
  7.0.1-5169 and older versions
  7.3.1-7013 and older versions

Affected Platform(s):
  Gen8 Firewalls - TZ80, TZ280, TZ380, TZ480, TZ580, TZ680, NSa 2800,
  NSa 3800, NSa 4800, NSa 5800
Affected Version(s):
  8.1.0-8017 and older versions

Workaround

None.

Fixed Software

Fixed Platform(s):
  Gen7 hardware Firewalls - TZ270, TZ270W, TZ370, TZ370W, TZ470,
  TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700,
  NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, NSsp 15700
  Gen7 virtual Firewalls (NSv) - NSv270, NSv470, NSv870
  (ESX, KVM, HYPER-V, AWS, Azure)
Fixed Version(s):
  7.3.2-7010 and higher versions

Fixed Platform(s):
  Gen8 Firewalls - TZ80, TZ280, TZ380, TZ480, TZ580, TZ680, NSa 2800,
  NSa 3800, NSa 4800, NSa 5800
Fixed Version(s):
  8.2.0-8009 and higher versions

Credit(s)

CVE-2026-0399 (Vang3lis, Heuzoo and moyushui from VARAS@IIE)
CVE-2026-0400 (Vang3lis and Heuzoo from VARAS@IIE)
CVE-2026-0401 (Vang3lis from VARAS@IIE and N3vv from Red-Shield
Security Lab)
CVE-2026-0402 (Vang3lis from VARAS@IIE and N3vv from Red-Shield
Security Lab)

Revision History

Version   Date          Description
1.0       24-Feb-2026   Initial Release.
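Added example (not part of the SonicWall advisory or of the CERT-Renater note): a Python triage of firmware version strings against the affected and fixed versions listed above. It assumes versions are written exactly as in the advisory (major.minor.patch-build) and are ordered field by field; the inventory host names and the status labels are constructed for illustration.

```python
import re

# Ceilings and floors copied from the advisory tables, keyed by SonicOS major version.
# Under field-by-field ordering, "7.0.1-5169 and older" is already covered by
# "7.3.1-7013 and older", so one ceiling per generation is enough (assumption).
THRESHOLDS = {
    7: {"affected_max": "7.3.1-7013", "fixed_min": "7.3.2-7010"},
    8: {"affected_max": "8.1.0-8017", "fixed_min": "8.2.0-8009"},
}
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)-(\d+)")

def parse_version(text):
    """Turn '7.3.1-7013' into (7, 3, 1, 7013); reject any other shape."""
    m = _VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised SonicOS version string: {text!r}")
    return tuple(int(g) for g in m.groups())

def triage(version):
    """Classify one firmware version against the advisory.

    fixed       - at or above the listed fixed version
    affected    - at or below the listed affected version
    unlisted    - between the two; the advisory does not say, check with the vendor
    not-covered - generation not mentioned in the advisory
    """
    v = parse_version(version)
    limits = THRESHOLDS.get(v[0])
    if limits is None:
        return "not-covered"
    if v >= parse_version(limits["fixed_min"]):
        return "fixed"
    if v <= parse_version(limits["affected_max"]):
        return "affected"
    return "unlisted"

def needs_upgrade(inventory):
    """Return the hosts whose firmware is not confirmed fixed, sorted by name."""
    return sorted(h for h, ver in inventory.items() if triage(ver) != "fixed")

# Constructed inventory: host names are placeholders, not real devices.
SAMPLE_INVENTORY = {
    "fw-branch-01": "7.0.1-5169",
    "fw-branch-02": "7.3.2-7010",
    "fw-dc-01": "8.1.0-8017",
    "fw-dc-02": "8.2.0-8009",
}

if __name__ == "__main__":
    for host in needs_upgrade(SAMPLE_INVENTORY):
        print(host, SAMPLE_INVENTORY[host], triage(SAMPLE_INVENTORY[host]))
```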

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |  email:cert@support.renater.fr  +
=========================================================