SonicWall Email Security Multi-Vulnerability Security Advisory Summary

Vulnerability Overview

This advisory covers three major security vulnerabilities within SonicWall Email Security devices:

1. CVE-2026-3468 (Stored Cross-Site Scripting - XSS)
   Description: A stored XSS vulnerability exists due to improper neutralization of user-supplied input during web page generation. This allows remote authenticated attackers (acting as administrators) to execute arbitrary JavaScript code.
   CVSS v3 Score: 3.5
   CWE: CWE-79 (Improper Neutralization of Input During Web Page Generation)

2. CVE-2026-3469 (Denial of Service - DoS)
   Description: A Denial of Service (DoS) vulnerability exists due to improper input validation. This allows remote authenticated attackers (acting as administrators) to cause the application to become unresponsive.
   CVSS v3 Score: 2.7
   CWE: CWE-20 (Improper Input Validation)

3. CVE-2026-3470 (Data Corruption)
   Description: Data corruption occurs due to a lack of proper input sanitization. This allows remote authenticated attackers (acting as administrators) to corrupt the application database by providing crafted input.
   CVSS v3 Score: 3.8
   CWE: CWE-20 (Improper Input Validation)

Overall CVSS v3 Score: 3.8
Overall CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Affected Products

The following SonicWall Email Security products and versions are affected:

Products: Email Security (ES Appliance 5000, 6050, 7000, 7050, 9000, VMware and Hyper-V)
Affected Versions: 10.0.34.8215, 10.0.34.8223, and earlier versions.

Remediation

Workaround: None.
Fixed Version: Users are advised to upgrade to version 10.0.35.8405 or later.

POC Code

No specific POC code or exploit code is included in this advisory.
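
Since the advisory lists no workaround, remediation comes down to confirming which appliances are still below the fixed build. The following is an added example, not part of the advisory or any SonicWall tooling: it triages an inventory against the version numbers given above. The hostnames, the sample inventory and the status labels are assumptions made for illustration.

```python
import re

# Version boundaries taken from the advisory text.
LAST_AFFECTED = (10, 0, 34, 8223)  # highest build the advisory names as affected
FIRST_FIXED = (10, 0, 35, 8405)    # build the advisory names as fixed

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\.(\d+)\s*$")


def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a four-part dotted build."""
    m = _VERSION_RE.match(text) if isinstance(text, str) else None
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text):
    """Map a firmware version string to a triage status (labels are this example's own)."""
    v = parse_version(version_text)
    if v is None:
        return "unparseable"   # check the appliance by hand
    if v >= FIRST_FIXED:       # tuple comparison is numeric, field by field
        return "fixed"
    if v <= LAST_AFFECTED:
        return "affected"
    # Builds between the two boundaries are not classified by the advisory;
    # they are below the fixed version, so still queue them for upgrade.
    return "unlisted"


def triage(inventory):
    """inventory: iterable of (hostname, version) pairs -> {status: [hostnames]}."""
    report = {}
    for host, version in inventory:
        report.setdefault(classify(version), []).append(host)
    return report


# Constructed sample inventory: hostnames are made up, and versions other than
# the three quoted in the advisory are invented to exercise each branch.
SAMPLE_INVENTORY = [
    ("es-5000-hq", "10.0.34.8215"),
    ("es-7050-dc1", "10.0.34.8223"),
    ("es-vm-lab", "10.0.9.100"),      # a string compare would misorder this one
    ("es-9000-dr", "10.0.35.8405"),
    ("es-6050-branch", "10.0.34.9000"),
    ("es-7000-legacy", "unknown"),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status:12} {', '.join(hosts)}")
```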