By Joseph Ofonagoro
Publication Date: 2026-02-27 16:25:00
For three years, a critical flaw sat inside Cisco’s Catalyst SD-WAN products unnoticed. Hackers found it first.
Cisco confirmed that attackers exploited the bug, tracked as CVE-2026-20127, to bypass authentication, gain privileged access, and quietly steal data. The discovery prompted a rare joint warning from authorities in the US, UK, Australia, Canada, and New Zealand.
Worse, intruders chained the flaw with an older vulnerability to escalate to root access, create persistent accounts, and cover their tracks. No group has claimed responsibility, but investigators say the activity points to a single, unidentified actor now labeled UAT-8616.
Technical details of the incident
The vulnerability, tracked as CVE-2026-20127, has a critical base score of 10.0 and an impact score of 6.0, which calls for prompt action. Successfully exploiting the vulnerability allows attackers to steal data and, with…