{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4114", "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "state": "PUBLISHED", "assignerShortName": "sonicwall", "dateReserved": "2026-03-13T11:57:22.758Z", "datePublished": "2026-04-09T14:25:41.059Z", "dateUpdated": "2026-04-10T03:56:04.928Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "shortName": "sonicwall", "dateUpdated": "2026-04-09T14:25:41.059Z"}, "datePublic": "2026-04-09T05:11:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-176", "description": "CWE-176 Improper handling of unicode encoding", "type": "CWE"}]}], "affected": [{"vendor": "SonicWall", "product": "SMA1000", "platforms": ["Linux"], "versions": [{"status": "affected", "version": "12.4.3-03245 (platform-hotfix) and earlier versions."}, {"status": "affected", "version": "12.5.0-02283 (platform-hotfix) and earlier versions."}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication.</p>"}]}], "references": [{"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0003", "tags": ["vendor-advisory"]}], "source": {"advisory": "SNWLID-2026-0003", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-09T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-4114"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T03:56:04.928Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication."}], "id": "CVE-2026-4114", "lastModified": "2026-04-09T15:16:13.817", "metrics": {}, "published": "2026-04-09T15:16:13.817", "references": [{"source": "PSIRT@sonicwall.com", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0003"}], "sourceIdentifier": "PSIRT@sonicwall.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-176"}], "source": "PSIRT@sonicwall.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["linux"], "status": "affected", "versions": {"scheme": "semver", "value": "[0,12.4.3-03245]"}}, {"platform": ["linux"], "status": "affected", "versions": {"scheme": "semver", "value": "[0,12.5.0-02283]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "SMA1000", "source": "cna", "vendor": "SonicWall"}, "product": "sma1000", "vendor": "sonicwall"}], "analysis": {"en": {"generated_at": "2026-04-09T17:27:18.778791+00:00", "value": {"mitigation_remediation": ["Apply the firmware update released by SonicWall for the SMA1000 series as soon as it becomes available.", "Verify that the TOTP authentication requirement is restored after the update by attempting a login that triggers the second factor.", "If a patch is not yet released, monitor SonicWall\u2019s security advisories and disable SSLVPN access from untrusted networks until the update is deployed.", "Ensure that system administrators are aware of the MFA bypass risk and enforce strict credential management policies."], "summary": {"action": "Immediate Patch", "impact": "MFA bypass allowing privileged access"}, "threat_synthesis": {"affected_systems": "All models in the SonicWall SMA1000 series may be impacted, as the advisory does not specify particular firmware or sub\u2011model versions. Devices should be treated as at risk until a firmware update that corrects the Unicode handling is deployed.", "description_and_impact": "SonicWall SMA1000 appliances process Unicode characters incorrectly, creating a flaw that allows an authenticated SSLVPN administrator to skip the AMC TOTP challenge. The result is the loss of the second factor, permitting an attacker with valid credentials to gain full administrative privileges on the appliance without the required time\u2011based one\u2011time password. This vulnerability stems from improper handling of Unicode encoding within the SSLVPN authentication flow, effectively nullifying the multi\u2011factor protection.", "risk_and_exploitability": "The exploit requires the attacker to possess legitimate administrator credentials, after which the MFA bypass can be triggered remotely via the SSLVPN interface. The EPSS score is not available and the issue is not listed in CISA\u2019s KEV catalog, indicating that the vulnerability is not yet widely known in exploit databases. However, once authenticated, the ability to bypass TOTP grants complete control over the appliance, presenting a high\u2011severity risk to confidentiality, integrity, and availability of the protected network."}}}}, "created": "2026-04-10T08:53:35.951663+00:00", "title": "Unicode Handling Enables MFA Bypass on SonicWall SMA1000", "updated": "2026-04-10T09:32:47.971240+00:00", "vendors": ["sonicwall", "sonicwall$PRODUCT$sma1000"]}