{"id":249499,"date":"2026-05-19T11:14:00","date_gmt":"2026-05-19T15:14:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/19\/patch-bypass-allows-hackers-to-exploit-prior-flaw-in-sonicwall-ssl-vpn\/"},"modified":"2026-05-19T11:20:10","modified_gmt":"2026-05-19T15:20:10","slug":"patch-bypass-allows-hackers-to-exploit-prior-flaw-in-sonicwall-ssl-vpn","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/19\/patch-bypass-allows-hackers-to-exploit-prior-flaw-in-sonicwall-ssl-vpn\/","title":{"rendered":"Patch bypass allows hackers to exploit prior flaw in SonicWall SSL-VPN"},"content":{"rendered":"<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/patch-bypass-hackers-exploit-flaw-sonicwall\/820600\/\">Patch bypass allows hackers to exploit prior flaw in SonicWall SSL-VPN<\/a><\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/patch-bypass-hackers-exploit-flaw-sonicwall\/820600\/\">https:\/\/www.cybersecuritydive.com\/news\/patch-bypass-hackers-exploit-flaw-sonicwall\/820600\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-19 11:14:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.cybersecuritydive.com\">www.cybersecuritydive.com<\/a><\/p>\n<p><span><span><span><span><span><span>A threat group has successfully been exploiting a two-year-old vulnerability in SonicWall SSL-VPN appliances since February, despite the flaw being patched, <\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span><span><span>according to a report<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span> released Tuesday by cybersecurity firm Reliaquest.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>The authentication bypass vulnerability, tracked as <\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span><span><span>CVE-2024-12802<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span>, allows an attacker to bypass multifactor authentication (MFA) in SonicWall SSL-VPN appliances.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>Starting in February 2026, attackers were able to engage in brute force attacks using automated tools, which bypassed MFA without setting off any red flags or login alerts, according to Reliaquest researchers.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>After encountering the same pattern across multiple incident response scenarios, Reliaquest <\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span>began investigating the activity.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>\u201cAcross those cases, all between February and March 2026, we saw the same pattern: VPN accounts brute-forced at speed, MFA appearing enabled but not stopping authentication, and a specific session type in the logs pointing to automated tooling,\u201d Reliaquest researchers told Cybersecurity Dive.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>Researchers could not provide direct attribution for the attacks, but the threat activity was consistent with ransomware activity from the Akira group. That group was <\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span><span><span>linked to a series of attacks targeting SonicWall customers<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span> in 2025.<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>SonicWall issued an <\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span><span><span>advisory and a firmware upgrade<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><span><span><span><span><span><span> in 2025, but Reliaquest warned that there are six additional manual steps required to make sure Gen6 devices are secure. The patches are working normally in Gen7 devices, researchers said.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>The attacks are accomplished by exploiting the separate handling of User Principal Name and Security Account Manager account names when integrated with Microsoft Active Directory. The firmware update by itself fails to remove the Lightweight Directory Access Protocol configuration, which enables the bypass.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><span><span><span><span><span><span>Researchers said the flaw was given a severity score of only 6.5 by SonicWall, which may have led some&#8230;<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/patch-bypass-hackers-exploit-flaw-sonicwall\/820600\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Patch bypass allows hackers to exploit prior flaw in SonicWall SSL-VPN https:\/\/www.cybersecuritydive.com\/news\/patch-bypass-hackers-exploit-flaw-sonicwall\/820600\/ Publish Date: 2026-05-19&#8230;<\/p>\n","protected":false},"author":1,"featured_media":249500,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/SlWgnSAsL-JM66Bez4aXtlPO3f-6VsiFOyvazIBmrYA\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9HZXR0eUltYWdlcy0xMzcwMjMzMzIwXzlFekpzb1QuanBn.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[90,89,57,27],"class_list":["post-249499","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cve","tag-flaw","tag-security","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/249499"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=249499"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/249499\/revisions"}],"predecessor-version":[{"id":249501,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/249499\/revisions\/249501"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/249500"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=249499"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=249499"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=249499"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}