CVE-2024-12802 is actively exploited in SonicWall Gen6 SSL-VPN appliances, allowing attackers to bypass MFA entirely via the UPN login path even on devices where the firmware patch has been applied but the required LDAP reconfiguration was not completed. Active exploitation between February and March 2026 shows post-authentication behavior consistent with ransomware precursor activity, and Gen6 devices reach end-of-life on April 16, 2026.