SonicWall SMA1000 CVE-2026-15409/15410 chained in the wild, KEV
SonicWall confirms in-the-wild chaining of an unauth SSRF (CVE-2026-15409, CVSS 10.0) and a post-auth command injection (CVE-2026-15410, CVSS 7.2) on SMA1000 6210/7210/8200v. CISA KEV due 2026-07-17.