CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-3468

A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied input during web page generation, allowing a remote authenticated attacker as admin user to potentially execute arbitrary JavaScript code.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 14.2%

CVSS Severity

CVSS v3 Score 4.8

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0002

Products affected by CVE-2026-3468

Sonicwall » Email Security » Version: N/A

cpe:2.3:a:sonicwall:email_security:-
Sonicwall » Email Security » Version: 10.0.9

cpe:2.3:a:sonicwall:email_security:10.0.9
Sonicwall » Esa5000 » Version: N/A

cpe:2.3:h:sonicwall:esa5000:-
Sonicwall » Esa5050 » Version: N/A

cpe:2.3:h:sonicwall:esa5050:-
Sonicwall » Esa7000 » Version: N/A

cpe:2.3:h:sonicwall:esa7000:-
Sonicwall » Esa7050 » Version: N/A

cpe:2.3:h:sonicwall:esa7050:-
Sonicwall » Esa9000 » Version: N/A

cpe:2.3:h:sonicwall:esa9000:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-3468

Products

Pricing

Contact Us