Critical SonicWall SMA Gateway Auth Bypass Under Active Exploitation

Thursday, March 5, 2026 at 11:00 AM UTC·Source: SonicWall PSIRT / Arctic Wolf

Updated: Friday, March 6, 2026 at 09:00 AM UTC

Executive Summary

Authentication bypass in SonicWall SMA 1000 series gateways allows unauthenticated admin access. Active exploitation confirmed by CISA.

Analysis

CVE-2026-5135 is a critical authentication bypass in SonicWall SMA 1000 series. Unauthenticated attackers can gain admin access to the management interface and pivot into internal networks. CISA added to KEV catalog after confirming active exploitation. Arctic Wolf observed ransomware deployment following SMA compromise.

Timeline

Discovered

Feb 25, 2026

Exploitation Detected

Mar 1, 2026

Published

Mar 5, 2026

Patch Available

Mar 5, 2026

Indicators of Compromise (1)

CVE (1)

CVE-2026-5135

NVD MITRE CVE

Source Attribution

Originally published by SonicWall PSIRT / Arctic Wolf on Mar 5, 2026. Verified by: CISA, SonicWall, Arctic Wolf.

Related Threats

MEDIUMVulnerabilityNEW

CaixaBank launches a carbon credit trading platform to help clients offset their emissions

CaixaBank CIB has launched a carbon credit trading platform, a tool designed to make it easier for corporate clients and businesses to voluntarily offset CO2 emissions.

38m agoFinextra

MEDIUMVulnerabilityNEW

Cyber Resilience is the New Business Continuity Plan

The organizations best prepared to face disruption are those that align security, continuity and risk management around what the business cannot afford to lose. The post Cyber Resilience is the New Business Continuity Plan appeared first on SecurityWeek .

58m agoSecurityWeek

MEDIUMVulnerability

Microsoft confirms patching issues in restricted Windows networks

Microsoft says customers in restricted network environments may encounter Windows Update failures after installing the January 2026 optional non-security preview updates. [...]

1h agoBleepingComputer