CVE-2022-3236CISA KEVEPSS p99.9%

CVE-2022-3236Sophos Firewall Code Injection Vulnerability

Sophos / Firewall

Description

A code injection vulnerability in the User Portal and Webadmin of Sophos Firewall allows for remote code execution.

Scoring

EPSS98.91% probability of exploitation · percentile 99.9% · 2026-06-15T12:03:41Z

CISA KEV entry

Added to KEV: 2022-09-23

(incoming)1

TypeTargetConfidenceTier
KEVEntrySophos Firewall Code Injection Vulnerabilitykev-cve-2022-32360%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Sophos Firewall Authentication Bypass Vulnerability
CVE
Sophos SG UTM Remote Code Execution Vulnerability
CVE
Sophos SFOS SQL Injection Vulnerability
CVE
Sophos Web Appliance Command Injection Vulnerability
CVE
CVE-2025-7382
CVE
CVE-2025-7433
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.