{"id":216526,"date":"2026-05-19T11:14:00","date_gmt":"2026-05-19T15:14:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/19\/patch-bypass-allows-hackers-to-exploit-prior-flaw-in-sonicwall-ssl-vpn\/"},"modified":"2026-05-19T11:15:36","modified_gmt":"2026-05-19T15:15:36","slug":"patch-bypass-allows-hackers-to-exploit-prior-flaw-in-sonicwall-ssl-vpn","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/19\/patch-bypass-allows-hackers-to-exploit-prior-flaw-in-sonicwall-ssl-vpn\/","title":{"rendered":"Patch bypass allows hackers to exploit prior flaw in SonicWall SSL-VPN"},"content":{"rendered":"<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/patch-bypass-hackers-exploit-flaw-sonicwall\/820600\/\">Patch bypass allows hackers to exploit prior flaw in SonicWall SSL-VPN<\/a><\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/patch-bypass-hackers-exploit-flaw-sonicwall\/820600\/\">https:\/\/www.cybersecuritydive.com\/news\/patch-bypass-hackers-exploit-flaw-sonicwall\/820600\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-19 11:14:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.cybersecuritydive.com\">www.cybersecuritydive.com<\/a><\/p>\n<p>A threat group has successfully been exploiting a two-year-old vulnerability in SonicWall SSL-VPN appliances since February, despite the flaw being patched, according to a report released Tuesday by cybersecurity firm Reliaquest.\u00a0<br \/>\nThe authentication bypass vulnerability, tracked as CVE-2024-12802, allows an attacker to bypass multifactor authentication (MFA) in SonicWall SSL-VPN appliances.\u00a0<br \/>\nStarting in February 2026, attackers were able to engage in brute force attacks using automated tools, which bypassed MFA without setting off any red flags or login alerts, according to Reliaquest researchers.\u00a0<br \/>\nAfter encountering the same pattern across multiple incident response scenarios, Reliaquest began investigating the activity.\u00a0<\/p>\n<p>\u201cAcross those cases, all between February and March 2026, we saw the same pattern: VPN accounts brute-forced at speed, MFA appearing enabled but not stopping authentication, and a specific session type in the logs pointing to automated tooling,\u201d Reliaquest researchers told Cybersecurity Dive.\u00a0<br \/>\nResearchers could not provide direct attribution for the attacks, but the threat activity was consistent with ransomware activity from the Akira group. That group was linked to a series of attacks targeting SonicWall customers in 2025.<br \/>\nSonicWall issued an advisory and a firmware upgrade in 2025, but Reliaquest warned that there are six additional manual steps required to make sure Gen6 devices are secure. The patches are working normally in Gen7 devices, researchers said.\u00a0<br \/>\nThe attacks are accomplished by exploiting the separate handling of User Principal Name and Security Account Manager account names when integrated with Microsoft Active Directory. 
The firmware update by itself fails to remove the Lightweight Directory Access Protocol configuration, which enables the bypass.\u00a0<br \/>\nResearchers said the flaw was given a severity score of only 6.5 by SonicWall, which may have led some organizations to not pay close attention. CISA\u2019s Authorized Data Publisher assessment rates the vulnerability as a 9.1, which is considered critical.\u00a0<br \/>\nIn a more recent development, Gen6 appliances reached end-of-life status on April 16, which means SonicWall no longer supports them.\u00a0<br \/>\nA spokesperson for SonicWall was not immediately available for comment.\u00a0<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Patch bypass allows hackers to exploit prior flaw in SonicWall SSL-VPN https:\/\/www.cybersecuritydive.com\/news\/patch-bypass-hackers-exploit-flaw-sonicwall\/820600\/ Publish Date: 2026-05-19&#8230;<\/p>\n","protected":false},"author":1,"featured_media":216527,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/SlWgnSAsL-JM66Bez4aXtlPO3f-6VsiFOyvazIBmrYA\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9HZXR0eUltYWdlcy0xMzcwMjMzMzIwXzlFekpzb1QuanBn.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,31,27],"class_list":["post-216526","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/216526"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"htt
ps:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=216526"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/216526\/revisions"}],"predecessor-version":[{"id":216528,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/216526\/revisions\/216528"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/216527"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=216526"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=216526"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=216526"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}