{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4113", "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "state": "PUBLISHED", "assignerShortName": "sonicwall", "dateReserved": "2026-03-13T11:57:20.974Z", "datePublished": "2026-04-09T14:23:53.270Z", "dateUpdated": "2026-04-09T14:23:53.270Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "shortName": "sonicwall", "dateUpdated": "2026-04-09T14:23:53.270Z"}, "datePublic": "2026-04-09T05:11:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-204", "description": "CWE-204 Observable response discrepancy", "type": "CWE"}]}], "affected": [{"vendor": "SonicWall", "product": "SMA1000", "platforms": ["Linux"], "versions": [{"status": "affected", "version": "12.4.3-03245 (platform-hotfix) and earlier versions."}, {"status": "affected", "version": "12.5.0-02283 (platform-hotfix) and earlier versions."}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials.</p>"}]}], "references": [{"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0003", "tags": ["vendor-advisory"]}], "source": {"advisory": "SNWLID-2026-0003", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials."}], "id": "CVE-2026-4113", "lastModified": "2026-04-09T15:16:13.683", "metrics": {}, "published": "2026-04-09T15:16:13.683", "references": [{"source": "PSIRT@sonicwall.com", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0003"}], "sourceIdentifier": "PSIRT@sonicwall.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-204"}], "source": "PSIRT@sonicwall.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["linux"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,12.4.3-03245 (platform-hotfix) and earlier versions.]"}}, {"platform": ["linux"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,12.5.0-02283 (platform-hotfix) and earlier versions.]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "SMA1000", "source": "cna", "vendor": "SonicWall"}, "product": "sma1000", "vendor": "sonicwall"}], "analysis": {"en": {"generated_at": "2026-04-09T16:28:40.508517+00:00", "value": {"mitigation_remediation": ["Check the SonicWall PSIRT page linked in the advisory for any available firmware updates or patches.", "If a patch is released, apply it to all SMA1000 appliances immediately. ", "Until a patch is available, monitor the SSL VPN logs for repeated authentication attempts and consider enabling account lockout or multi\u2011factor authentication to reduce enumeration success."], "summary": {"action": "Patch", "impact": "Credential Enumeration"}, "threat_synthesis": {"affected_systems": "Products affected are SonicWall SMA1000 series appliances. No specific firmware or configuration version ranges are listed in the available data.", "description_and_impact": "This vulnerability allows a remote attacker to distinguish the responses of an SSL VPN service based on credential correctness. By observing subtle response differences, an attacker can confirm the validity of user names and passwords. The weakness resides in improper handling of authentication responses, pinpointed by CWE-204. Such enumeration could lead to credential compromise, enabling unauthorized access to the VPN and potentially to any resources accessible through it.", "risk_and_exploitability": "The exploit is remote, targeting the SSL VPN interface over the network. Because no CVSS score or EPSS value is provided, the formal severity cannot be quantified, but the ability to enumerate valid credentials is inherently a high\u2011risk security issue. The vulnerability is not currently catalogued in CISA\u2019s Known Exploited Vulnerabilities list, suggesting no widespread exploitation has been reported yet. An attacker would need network access to the SCCVPN endpoint and would benefit from repeated, automated trials to map valid usernames and passwords."}}}}, "created": "2026-04-10T08:53:36.967481+00:00", "title": "SSL VPN Credential Enumeration via Observable Response Discrepancy on SonicWall SMA1000", "updated": "2026-04-10T09:32:48.883276+00:00", "vendors": ["sonicwall", "sonicwall$PRODUCT$sma1000"]}