{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/nsa-6700/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8,"id":"CVE-2026-0204"},{"cvss":6.8,"id":"CVE-2026-0205"},{"cvss":4.9,"id":"CVE-2026-0206"}],"_cs_exploited":false,"_cs_products":["SOHOW","TZ 300","TZ 300W","TZ 400","TZ 400W","TZ 500","TZ 500W","TZ 600","NSA 2650","NSA 3600","NSA 3650","NSA 4600","NSA 4650","NSA 5600","NSA 5650","NSA 6600","NSA 6650","SM 9200","SM 9250","SM 9400","SM 9450","SM 9600","SM 9650","TZ 300P","TZ 600P","SOHO 250","SOHO 250W","TZ 350","TZ 350W","TZ270","TZ270W","TZ370","TZ370W","TZ470","TZ470W","TZ570","TZ570W","TZ570P","TZ670","NSa 2700","NSa 3700","NSa 4700","NSa 5700","NSa 6700","NSsp 10700","NSsp 11700","NSsp 13700","NSsp 15700","NSv 270","NSv 470","NSv 870","NSv870 sous ESX","NSv870 sous KVM","NSv870 sous HYPER-V","NSv870 sous AWS","NSv870 sous Azure","TZ80","TZ280","TZ380","TZ480","TZ580","TZ680","NSa 2800","NSa 3800","NSa 4800","NSa 5800"],"_cs_severities":["medium"],"_cs_tags":["sonicwall","firewall","dos","security_bypass"],"_cs_type":"advisory","_cs_vendors":["SonicWall"],"content_html":"\u003cp\u003eOn April 30, 2026, CERT-FR published an advisory regarding multiple vulnerabilities affecting various SonicWall firewall products. These vulnerabilities, detailed in SonicWall security bulletin SNWLID-2026-0004, could allow an unauthenticated remote attacker to trigger a denial-of-service condition or bypass security policies. The affected products include a wide range of SonicWall firewalls across multiple generations (Gen 6, Gen 7, and Gen 8), as well as NSv virtual firewalls deployed in ESX, KVM, Hyper-V, AWS, and Azure environments. Successful exploitation of these vulnerabilities could lead to significant disruption of network services and a compromise of security controls.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable SonicWall firewall exposed to the internet.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a specially crafted network packet to the firewall. This packet exploits one of the vulnerabilities (CVE-2026-0204, CVE-2026-0205, or CVE-2026-0206).\u003c/li\u003e\n\u003cli\u003eIf the attacker exploits a DoS vulnerability, the firewall\u0026rsquo;s CPU and memory resources are consumed, leading to a denial-of-service condition.\u003c/li\u003e\n\u003cli\u003eLegitimate network traffic is disrupted due to the firewall\u0026rsquo;s degraded performance or complete failure.\u003c/li\u003e\n\u003cli\u003eIf the attacker exploits a security policy bypass vulnerability, they can potentially gain unauthorized access to internal network resources.\u003c/li\u003e\n\u003cli\u003eThe attacker may then attempt to move laterally within the network, exploiting additional vulnerabilities in other systems.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities could lead to a complete denial of service, disrupting network connectivity for affected organizations. A security policy bypass could also allow unauthorized access to sensitive internal resources. The number of potential victims is significant, given the widespread use of SonicWall firewalls across various industries.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patches outlined in SonicWall security bulletin SNWLID-2026-0004 to all affected SonicWall firewalls immediately.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious activity targeting SonicWall firewalls.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules below to your SIEM to detect potential exploitation attempts in your environment.\u003c/li\u003e\n\u003cli\u003eReview and enforce strict network segmentation policies to limit the impact of a potential security policy bypass.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-30T00:00:00Z","date_published":"2026-04-30T00:00:00Z","id":"/briefs/2026-04-sonicwall-vulns/","summary":"Multiple vulnerabilities in SonicWall firewalls could allow an attacker to cause a remote denial of service and security policy bypass, potentially disrupting network services and compromising security controls.","title":"Multiple Vulnerabilities in SonicWall Products Allow for DoS and Security Policy Bypass","url":"https://feed.craftedsignal.io/briefs/2026-04-sonicwall-vulns/"}],"language":"en","title":"CraftedSignal Threat Feed — NSa 6700","version":"https://jsonfeed.org/version/1.1"}