What the vulnerability does

01Description

A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied input during web page generation, allowing a remote authenticated attacker as admin user to potentially execute arbitrary JavaScript code.

Key dates

02Disclosure timeline

March 31, 2026 CVE published
March 31, 2026 Record updated