By Lawrence Abrams
Publication Date: 2026-02-25 18:01:00
Cisco is warning that a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN, tracked as CVE-2026-20127, was actively exploited in zero-day attacks that allowed remote attackers to compromise controllers and add malicious rogue peers to targeted networks.
CVE-2026-20127 has a maximum severity of 10.0 and impacts Cisco Catalyst SD-WAN Controller (formerly vSmart) and Cisco Catalyst SD-WAN Manager (formerly vManage) in on-prem and SD-WAN Cloud installations.
Cisco credited the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) for reporting the vulnerability.
In an advisory published today, Cisco said the issue stems from a peering authentication mechanism that “is not working properly.”
“This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system,” reads the Cisco…
