CRITICAL 1 min read 15 Jul 2026

SonicWall CVE-2026-15409 Leads Today's Incident Response Queue

SonicWall CVE-2026-15409 is the lead item, a CVSS 10.0, exploited, CISA KEV-listed SMA1000 exposure, with Microsoft Patch Tuesday, SharePoint, developer tooling, SaaS abuse, industrial systems and Linux advisory updates also routed.

Key findings
01
NEW - CVE-2026-15409: SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability — SMA1000 Appliances
HIGH
[High] Severity: Critical. Delta: Newly promoted in today's intelligence. Identifiers: CVE-2026-15409. Sources: CISA KEV CVE-2026-15409
02
NEW - NCSC-2026-0238 [1.00] [M/H] Kwetsbaarheid verholpen in Microsoft Dynamics
HIGH
[High] Severity: Critical. Delta: Newly promoted in today's intelligence. Identifiers: NCSC-2026-0238. Sources: NCSC-NL NCSC-2026-0238
03
NEW - CVE-2026-48561 Microsoft Copilot Remote Code Execution Vulnerability
HIGH
[High] Severity: Critical. Delta: Newly promoted in today's intelligence. Identifiers: CVE-2026-48561. Sources: MSRC CVE-2026-48561
04
NEW - CVE-2026-55944 Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability
HIGH
[High] Severity: Critical. Delta: Newly promoted in today's intelligence. Identifiers: CVE-2026-55944. Sources: MSRC CVE-2026-55944
05
NEW - CVE-2026-45262: FacturaScripts: Authenticated SQL injection in the FacturaScripts REST API filte
MEDIUM
[Medium] Severity: Critical. Delta: Newly promoted in today's intelligence. Identifiers: CVE-2026-45262. Sources: GitHub Advisory GHSA-5qmh-x653-g8qj; NVD CVE-2026-45262.
06
NEW - CVE-2026-50006: Anyquery: Arbitrary File Write (AFW) which could lead to Remote Code Execution (
MEDIUM
[Medium] Severity: Critical. Delta: Newly promoted in today's intelligence. Identifiers: CVE-2026-50006. Sources: GitHub Advisory GHSA-xrcf-6jh3-ggvx; NVD CVE-2026-50006.
07
NEW - CVE-2026-55010 Minecraft Bedrock Dedicated Server Remote Code Execution Vulnerability
HIGH
[High] Severity: Critical. Delta: Newly promoted in today's intelligence. Identifiers: CVE-2026-55010. Sources: MSRC CVE-2026-55010
08
UPDATED (patch released) - SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data
CRITICAL
[Medium] Severity: Critical. Delta: Today's material change: patch released. Identifiers: CVE-2026-44747. Sources: The Hacker News; NVD CVE-2026-44747.
09
NEW - CVE-2026-15410: SonicWall SMA1000 Appliances Code Injection Vulnerability — SMA1000 Appliances
HIGH
[High] Severity: High. Delta: Newly promoted in today's intelligence. Identifiers: CVE-2026-15410. Sources: CISA KEV CVE-2026-15410
10
NEW - NCSC-2026-0235 [1.00] [M/H] Kwetsbaarheden verholpen in Microsoft Developer Tools
HIGH
[High] Severity: High. Delta: Newly promoted in today's intelligence. Identifiers: CVE-2026-41109, CVE-2026-45496, CVE-2026-45646, CVE-2026-47282, CVE-2026-47300, CVE-2026-47302, CVE-2026-47303, CVE-2026-47304, CVE-2026-47305, CVE-2026-50506, CVE-2026-50520, CVE-2026-50524.
11
NEW - CVE-2026-56164: Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability — SharePoint Server
HIGH
[High] Severity: High. Delta: Newly promoted in today's intelligence. Identifiers: CVE-2026-56164, CVE-2026-47290, CVE-2026-47642, CVE-2026-48580, CVE-2026-50301, CVE-2026-50314, CVE-2026-50387, CVE-2026-50408, CVE-2026-50467, CVE-2026-50522, CVE-2026-50665, CVE-2026-50675, CVE-2026-50678.
12
NEW - NCSC-2026-0232 [1.00] [M/H] Kwetsbaarheden verholpen in Microsoft SQL Server
HIGH
[High] Severity: High. Delta: Newly promoted in today's intelligence. Identifiers: CVE-2026-47295, CVE-2026-47296, CVE-2026-50468, CVE-2026-54116, CVE-2026-54117, CVE-2026-54118, CVE-2026-55002, CVE-2026-56642, CVE-2026-58647, NCSC-2026-0232.
13
NEW - CVE-2026-50438 Microsoft PC Manager Elevation of Privilege Vulnerability
HIGH
[High] Severity: High. Delta: Newly promoted in today's intelligence. Identifiers: CVE-2026-50438. Sources: MSRC CVE-2026-50438

Findings 01-13 cover the highest-priority public security advisories for 15 July 2026. The lead item is SonicWall SMA1000 server-side request forgery (CVE-2026-15409), a CVSS 10.0 vulnerability that is actively exploited and listed in the CISA Known Exploited Vulnerabilities catalogue, accompanied by a second SonicWall SMA1000 code-injection flaw (CVE-2026-15410). Microsoft July Patch Tuesday coverage includes Copilot remote code execution (CVE-2026-48561), Dynamics NAV and 365 Business Central remote code execution (CVE-2026-55944), SharePoint Server missing authentication (CVE-2026-56164), PC Manager elevation of privilege (CVE-2026-50438) and Minecraft Bedrock dedicated server remote code execution (CVE-2026-55010), together with NCSC advisories addressing Microsoft developer tooling (CVE-2026-41109) and SQL Server (CVE-2026-47295). SAP patched a CVSS 9.9 NetWeaver ABAP vulnerability (CVE-2026-44747). Application-layer entries include FacturaScripts authenticated SQL injection (CVE-2026-45262) and Anyquery arbitrary file write (CVE-2026-50006). Owners of internet-facing SonicWall and SharePoint systems should prioritise these first.

cisa-kevcve-2026-15409cve-2026-15410cve-2026-41109cve-2026-44747cve-2026-45262cve-2026-47295cve-2026-48561cve-2026-50006cve-2026-50438

Act on this brief

Map detection coverage gaps for the techniques above, or generate Sigma rules from the named CVEs.