Email Security Appliance 5000 Firmware CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-40604	1 Sonicwall	11 Email Security, Email Security Appliance 5000, Email Security Appliance 5000 Firmware and 8 more	2026-02-26	6.5 Medium
Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution.
CVE-2021-20023	2 Microsoft, Sonicwall	20 Windows, Email Security, Email Security Appliance 3300 and 17 more	2025-11-12	4.9 Medium
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.
CVE-2021-20022	2 Microsoft, Sonicwall	20 Windows, Email Security, Email Security Appliance 3300 and 17 more	2025-11-10	7.2 High
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.
CVE-2021-20021	2 Microsoft, Sonicwall	20 Windows, Email Security, Email Security Appliance 3300 and 17 more	2025-11-10	9.8 Critical
A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.

Page 1 of 1.