SonicWall says two vulnerabilities in its Secure Mobile Access (SMA) 1000 Series appliances are being exploited in the wild. The issues are tracked as CVE-2026-15409 and CVE-2026-15410. The company reports that the flaws are under active exploitation and has released fixed firmware to address them. SonicWall urges affected organizations to upgrade to the fixed firmware versions. In addition, the company advises customers to check their appliances for indicators that compromise may have occurred. If the specified indicators are found, SonicWall recommends remediation steps that include re-imaging the hardware appliance or re-deploying the virtual appliance, along with changing both user and administrator passwords. The company also instructs customers to reset TOTP (time-based one-time password) tokens to restore account security. Across the coverage, the main focus is on the same two CVEs, the fact that exploitation is active, and SonicWall’s call to apply the newly released updates promptly and to perform compromise checks where guidance is applicable.