CVE-2026-3468_CVE-2026-3468

4.8 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Description

A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied input during web page generation, allowing a remote authenticated attacker as admin user to potentially execute arbitrary JavaScript code.

Basic Information

ID CVE-2026-3468

Source sonicwall

Published Mar 31, 2026 at 20:17

Modified Mar 31, 2026 at 20:35

Affected Product

Vendor SonicWall

Product Email Security

Version 10.0.34.8215 and earlier versions

Affected Versions SonicWall Email Security 10.0.34.8215 and earlier versions
SonicWall Email Security 10.0.34.8223 and earlier versions

CWE Classification

CWE-79

References

psirt.global.sonicwall.com /vuln-detail/SNWLID-2026-0002

{
    "lastseen": "",
    "description": "A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied input during web page generation, allowing a remote authenticated attacker as admin user to potentially execute arbitrary JavaScript code.",
    "published": "2026-03-31T20:17:11.236Z",
    "modified": "2026-03-31T20:35:38.252Z",
    "type": "cve",
    "title": "CVE-2026-3468",
    "source": "sonicwall",
    "references": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0002",
    "id": "CVE-2026-3468",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "SonicWall Email Security 10.0.34.8215 and earlier versions\nSonicWall Email Security 10.0.34.8223 and earlier versions",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Email Security",
    "version": "10.0.34.8215 and earlier versions",
    "vendor": "SonicWall",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}