{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3468", "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "state": "PUBLISHED", "assignerShortName": "sonicwall", "dateReserved": "2026-03-03T09:59:57.366Z", "datePublished": "2026-03-31T20:17:11.236Z", "dateUpdated": "2026-03-31T20:35:38.252Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "shortName": "sonicwall", "dateUpdated": "2026-03-31T20:17:11.236Z"}, "datePublic": "2026-03-31T06:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "affected": [{"vendor": "SonicWall", "product": "Email Security", "platforms": ["Linux", "Windows"], "versions": [{"status": "affected", "version": "10.0.34.8215 and earlier versions"}, {"status": "affected", "version": "10.0.34.8223 and earlier versions"}], "defaultStatus": "unknown"}], "descriptions": [{"lang": "en", "value": "A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied input during web page generation, allowing a remote authenticated attacker as admin user to potentially execute arbitrary JavaScript code.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied input during web page generation, allowing a remote authenticated attacker as admin user to potentially execute arbitrary JavaScript code."}]}], "references": [{"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0002", "tags": ["vendor-advisory"]}], "credits": [{"lang": "en", "value": "Brian Mariani of DigitalCanion SA - www.digitalcanion.com", "type": "finder"}], "source": {"advisory": "SNWLID-2026-0002", "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T20:35:08.592056Z", "id": "CVE-2026-3468", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T20:35:38.252Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-3468", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-31T20:35:08.592056Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T20:35:34.532Z"}}], "cna": {"source": {"advisory": "SNWLID-2026-0002", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Brian Mariani of DigitalCanion SA - www.digitalcanion.com"}], "affected": [{"vendor": "SonicWall", "product": "Email Security", "versions": [{"status": "affected", "version": "10.0.34.8215 and earlier versions"}, {"status": "affected", "version": "10.0.34.8223 and earlier versions"}], "platforms": ["Linux", "Windows"], "defaultStatus": "unknown"}], "datePublic": "2026-03-31T06:00:00.000Z", "references": [{"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0002", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied input during web page generation, allowing a remote authenticated attacker as admin user to potentially execute arbitrary JavaScript code.", "supportingMedia": [{"type": "text/html", "value": "A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied input during web page generation, allowing a remote authenticated attacker as admin user to potentially execute arbitrary JavaScript code.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "shortName": "sonicwall", "dateUpdated": "2026-03-31T20:17:11.236Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3468", "state": "PUBLISHED", "dateUpdated": "2026-03-31T20:35:38.252Z", "dateReserved": "2026-03-03T09:59:57.366Z", "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "datePublished": "2026-03-31T20:17:11.236Z", "assignerShortName": "sonicwall"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied input during web page generation, allowing a remote authenticated attacker as admin user to potentially execute arbitrary JavaScript code."}], "id": "CVE-2026-3468", "lastModified": "2026-04-01T14:23:37.727", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-31T21:16:32.950", "references": [{"source": "PSIRT@sonicwall.com", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0002"}], "sourceIdentifier": "PSIRT@sonicwall.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "PSIRT@sonicwall.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["linux", "windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,10.0.34.8215]"}}, {"platform": ["linux", "windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,10.0.34.8223]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Email Security", "source": "cna", "vendor": "SonicWall"}, "product": "email_security", "vendor": "sonicwall"}], "analysis": {"en": {"generated_at": "2026-04-01T07:07:09.570191+00:00", "value": {"mitigation_remediation": ["Apply the official firmware update or security patch released by SonicWall as referenced in PSIRT SNWLID\u20112026\u20110002.", "If a patch is not yet available, limit administrator access to the web console to trusted personnel only.", "Consider disabling remote web administration or isolating the appliance from untrusted networks until a fix is applied.", "Monitor system logs for unusual activity that could indicate exploitation."], "summary": {"action": "Apply Patch", "impact": "Stored XSS enabling administrator to execute arbitrary JavaScript"}, "threat_synthesis": {"affected_systems": "The vulnerability impacts all SonicWall Email Security appliances. Specific firmware or version information is not supplied, so any model that incorporates the affected component may be exposed. Administrators should verify current firmware against official SonicWall advisories for confirmation.", "description_and_impact": "A stored cross\u2011site scripting flaw exists in the SonicWall Email Security appliance. Improper neutralization of user\u2011supplied input during web page generation permits a remote authenticated attacker who holds administrator privileges to inject malicious JavaScript, which is then served to other users accessing the affected pages. The injected code runs in the victim\u2019s browser, providing the attacker with the ability to execute arbitrary JavaScript.", "risk_and_exploitability": "The CVSS base score of 4.8 indicates moderate severity. Exploitation requires legitimate administrator credentials and access to the web interface, suggesting an authenticated attack vector. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. While the severity is moderate, the ability to execute arbitrary JavaScript warrants attention."}}}}, "created": "2026-04-02T07:52:57.559406+00:00", "title": "Stored XSS in SonicWall Email Security allows admin to execute JavaScript", "updated": "2026-04-02T20:10:54.158866+00:00", "vendors": ["sonicwall", "sonicwall$PRODUCT$email_security"]}