Browse all 21 CVE security advisories affecting Smoothwall. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Smoothwall operates as a provider of network security appliances, primarily delivering content filtering, web protection, and firewall services for enterprise and educational environments. Its software stack has historically been susceptible to a range of critical vulnerabilities, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws. These weaknesses often stem from insufficient input validation and improper access controls within its web management interface. Recent records indicate approximately 21 Common Vulnerabilities and Exposures (CVEs), reflecting ongoing challenges in patching legacy components. While the vendor maintains a security advisory process, the accumulation of these defects highlights persistent risks in its architecture. Organizations relying on these appliances must prioritize regular firmware updates and strict network segmentation to mitigate potential exploitation, ensuring that administrative interfaces remain isolated from untrusted networks to prevent unauthorized system compromise.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-27508 | Smoothwall Express < 3.1 Update 13 Reflected XSS in redirect.cgi via url Parameter — ExpressCWE-79 | 5.4 | Medium | 2026-03-30 |
| CVE-2026-26352 | Smoothwall Express < 3.1 Update 13 Stored XSS in vpnmain.cgi via VPN_IP Parameter — ExpressCWE-79 | 5.4 | Medium | 2026-03-30 |
This page lists every published CVE security advisory associated with Smoothwall. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.