SonicWall patches three SonicOS firewall flaws after CrowdStrike disclosed them - the worst lets attackers reach the management interface without logging in (CVE-2026-0204)

SonicWall released emergency firmware updates for Gen 6, Gen 7, and Gen 8 firewalls after CrowdStrike's research team disclosed three SonicOS flaws on April 29. The worst is CVE-2026-0204 (CVSS 8.0), a weak authentication bug in the management interface that lets an attacker on an adjacent network reach management functions without logging in - and from there change firewall rules, disable security protections, or open new holes. The other two are post-authentication: CVE-2026-0205 is a path traversal that breaks out of restricted directories, and CVE-2026-0206 is a buffer overflow that crashes the firewall. No public exploits yet.

Check

Patch every SonicWall Gen 6, Gen 7, and Gen 8 firewall to the latest firmware today, and confirm no SonicWall management interface or SSL-VPN is reachable from the public internet.

Affected

Gen 6 firewalls (TZ 300/400/500/600, NSA, SM, SOHO) running 6.5.5.1-6n or older. Gen 7 firewalls and NSv (TZ270-TZ670, NSa 2700-6700, NSsp, NSv on ESX/KVM/Hyper-V/AWS/Azure) running 7.0.1-5169 or 7.3.1-7013 or older. Gen 8 (TZ80-TZ680, NSa 2800-5800) running 8.1.0-8017 or older.

Fix

Upgrade to Gen 8 firmware 8.2.0-8009, Gen 7 firmware 7.3.2-7010, or Gen 6 6.5.5.2-28n. Until patched, disable HTTP and HTTPS firewall management on all interfaces, disable SSL-VPN, and restrict management to SSH only from trusted IPs. Take a full configuration backup before upgrading Gen 6 - downgrading from 6.5.5.2-28n deletes all LDAP users and resets MFA.