Bottom line: The SonicWall patch does not automatically close the MFA gap – administrators must manually implement six additional configuration steps.
SonicWall devices with the security patch deployed remain vulnerable to MFA bypass because the required post-patch configuration is often not performed. Admins must manually perform six additional steps to prevent authentication bypass.
Many SonicWall firewalls have received the patch provided to fix a critical MFA bypass vulnerability. However, simply installing the patch is not sufficient to fully close the security gap. A majority of environments remain vulnerable because the patch is only part of the required remediation.
The reason: the security update addresses the technical vulnerability in the software, but it also requires comprehensive reconfiguration by the administrator. Six specific configuration steps must be performed in the SonicWall settings to block the MFA bypass. The patch does not perform these steps automatically.
For CISOs and VPN administrators, it is critical to systematically review the configuration of affected devices after installing the patch. Without this manual follow-up work, attackers can continue to bypass multi-factor authentication and gain access to protected networks – despite the applied patch. The review should be carried out promptly to minimize the window of opportunity for exploitation attempts.
Source: www.golem.de · Published 24 June 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.