{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3469", "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "state": "PUBLISHED", "assignerShortName": "sonicwall", "dateReserved": "2026-03-03T09:59:59.495Z", "datePublished": "2026-03-31T20:18:32.521Z", "dateUpdated": "2026-03-31T20:34:53.148Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "shortName": "sonicwall", "dateUpdated": "2026-03-31T20:18:32.521Z"}, "datePublic": "2026-03-31T06:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-20", "description": "CWE-20 Improper input validation", "type": "CWE"}]}], "affected": [{"vendor": "SonicWall", "product": "Email Security", "platforms": ["Linux", "Windows"], "versions": [{"status": "affected", "version": "10.0.34.8215 and earlier versions"}, {"status": "affected", "version": "10.0.34.8223 and earlier versions"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "A denial-of-service (DoS) vulnerability exists due to improper input validation in the SonicWall Email Security appliance, allowing a remote authenticated attacker as admin user to cause the application to become unresponsive.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A denial-of-service (DoS) vulnerability exists due to improper input validation in the SonicWall Email Security appliance, allowing a remote authenticated attacker as admin user to cause the application to become unresponsive."}]}], "references": [{"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0002", "tags": ["vendor-advisory"]}], "credits": [{"lang": "en", "value": "Brian Mariani of DigitalCanion SA - www.digitalcanion.com", "type": "finder"}], "source": {"advisory": "SNWLID-2026-0002", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T20:34:36.717764Z", "id": "CVE-2026-3469", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T20:34:53.148Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-3469", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-31T20:34:36.717764Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T20:34:49.288Z"}}], "cna": {"source": {"advisory": "SNWLID-2026-0002", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Brian Mariani of DigitalCanion SA - www.digitalcanion.com"}], "affected": [{"vendor": "SonicWall", "product": "Email Security", "versions": [{"status": "affected", "version": "10.0.34.8215 and earlier versions"}, {"status": "affected", "version": "10.0.34.8223 and earlier versions"}], "platforms": ["Linux", "Windows"], "defaultStatus": "unknown"}], "datePublic": "2026-03-31T06:00:00.000Z", "references": [{"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0002", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "A denial-of-service (DoS) vulnerability exists due to improper input validation in the SonicWall Email Security appliance, allowing a remote authenticated attacker as admin user to cause the application to become unresponsive.", "supportingMedia": [{"type": "text/html", "value": "A denial-of-service (DoS) vulnerability exists due to improper input validation in the SonicWall Email Security appliance, allowing a remote authenticated attacker as admin user to cause the application to become unresponsive.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper input validation"}]}], "providerMetadata": {"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "shortName": "sonicwall", "dateUpdated": "2026-03-31T20:18:32.521Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3469", "state": "PUBLISHED", "dateUpdated": "2026-03-31T20:34:53.148Z", "dateReserved": "2026-03-03T09:59:59.495Z", "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "datePublished": "2026-03-31T20:18:32.521Z", "assignerShortName": "sonicwall"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A denial-of-service (DoS) vulnerability exists due to improper input validation in the SonicWall Email Security appliance, allowing a remote authenticated attacker as admin user to cause the application to become unresponsive."}], "id": "CVE-2026-3469", "lastModified": "2026-04-01T14:23:37.727", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-31T21:16:33.163", "references": [{"source": "PSIRT@sonicwall.com", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0002"}], "sourceIdentifier": "PSIRT@sonicwall.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "PSIRT@sonicwall.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["linux", "windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,10.0.34.8215]"}}, {"platform": ["linux", "windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,10.0.34.8223]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Email Security", "source": "cna", "vendor": "SonicWall"}, "product": "email_security", "vendor": "sonicwall"}], "analysis": {"en": {"generated_at": "2026-04-01T06:42:16.805786+00:00", "value": {"mitigation_remediation": ["Update the SonicWall Email Security appliance to the latest firmware or patch released by SonicWall", "Restrict administrative access to trusted network segments or VPNs and enforce strong password policies", "Monitor appliance logs for unusually large or malformed input requests and terminate sessions that consume excessive resources"], "summary": {"action": "Patch ASAP", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects SonicWall Email Security appliances that support an administrative user account. No specific model or firmware version was disclosed in the advisory, so all installations with administrative access are potentially susceptible.", "description_and_impact": "Improper input validation in the SonicWall Email Security appliance allows a remote authenticated administrator to send crafted data that causes the application to become unresponsive, resulting in a denial of service. The flaw does not directly compromise confidentiality or integrity; it only impacts availability by halting service operation for legitimate users.", "risk_and_exploitability": "With a CVSS score of 2.7, this is considered low\u2011severity. The EPSS value is not available, and the issue is not listed in the CISA KeV catalog, indicating limited known exploitation. The likely attack vector requires the attacker to be an authenticated administrator, meaning that control of admin credentials or compromise of the admin account is a prerequisite."}}}}, "created": "2026-04-02T07:52:56.502286+00:00", "title": "Denial of Service via Input Validation in SonicWall Email Security", "updated": "2026-04-02T20:10:53.253607+00:00", "vendors": ["sonicwall", "sonicwall$PRODUCT$email_security"]}