Detections
Analytics
SonicWALL SonicOS Out-of-bounds Read(CVE-2026-0402)
medium Tenable OT Security Plugin ID 505222
Synopsis
The remote OT asset is affected by a vulnerability.Description
A post-authentication Out-of-bounds Read vulnerability in SonicOS allows a remote attacker to crash a firewall.This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
Refer to the vendor advisory.See Also
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0001
Plugin Details
Severity: Medium
ID: 505222
File Name: tenable_ot_sonicwall_CVE-2026-0402.nasl
Version: 1.2
Type: remote
Family: Tenable.ot
Published: 3/10/2026
Updated: 3/11/2026
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS Score Source: CVE-2026-0402
CVSS v3
Risk Factor: Medium
Base Score: 4.9
Temporal Score: 4.3
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/h:sonicwall:nssp_10700:-, cpe:/h:sonicwall:nsa_5700:-, cpe:/h:sonicwall:tz570p:-, cpe:/h:sonicwall:nsa_4800:-, cpe:/h:sonicwall:tz480:-, cpe:/h:sonicwall:nssp_11700:-, cpe:/h:sonicwall:nssp_15700:-, cpe:/h:sonicwall:nsa_6700:-, cpe:/h:sonicwall:tz370w:-, cpe:/h:sonicwall:tz470w:-, cpe:/h:sonicwall:nsa_3800:-, cpe:/h:sonicwall:tz670:-, cpe:/h:sonicwall:nsa_3700:-, cpe:/h:sonicwall:tz570:-, cpe:/h:sonicwall:tz680:-, cpe:/h:sonicwall:tz370:-, cpe:/h:sonicwall:tz280:-, cpe:/h:sonicwall:tz570w:-, cpe:/h:sonicwall:tz380:-, cpe:/h:sonicwall:tz80:-, cpe:/h:sonicwall:nsa_2800:-, cpe:/h:sonicwall:tz580:-, cpe:/h:sonicwall:nsa_4700:-, cpe:/h:sonicwall:tz270w:-, cpe:/h:sonicwall:nsa_2700:-, cpe:/h:sonicwall:tz270:-, cpe:/h:sonicwall:nssp_13700:-, cpe:/h:sonicwall:nsa_5800:-, cpe:/h:sonicwall:tz470:-
Required KB Items: Tenable.ot/SonicWALL
Exploit Ease: No known exploits are available
Patch Publication Date: 2/24/2026
Vulnerability Publication Date: 2/24/2026
Reference Information
CVE: CVE-2026-0402
CWE: 125