SonicWall Patches Zero-Day Flaw in Secure Mobile Access (CVE-

SonicWall Patches Zero-Day Flaw in Secure Mobile Access (CVE-2021-20016)

On February 3, SonicWall published a patch to address a zero-day vulnerability in its Secure Mobile Access (SMA) 100 series of remote access products. The vulnerability, identified as CVE-2021-20016, is a SQL injection flaw that was reportedly used to target SonicWall directly in January.

Researchers at NCC Group observed a separate in-the-wild exploitation of the zero-day vulnerability at the end of January. Their findings were confirmed by SonicWall, and subsequently a patch was developed and released.

For more information about the vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.

Cyber Exposure Alerts

Vulnerability Watch

Forum Discussion

SonicWall Patches Zero-Day Flaw in Secure Mobile Access (CVE-

Recent Discussions

CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Vulnerability

Microsoft’s January 2026 Patch Tuesday Addresses 113 CVEs (CVE-2026-20805)

CVE-2025-14847 (MongoBleed): MongoDB Memory Leak Vulnerability Exploited in the Wild

CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited

Microsoft Patch Tuesday 2025 Year in Review

Americas

Europe

Asia / Australia