By The Stack
Publication Date: 2026-02-25 17:20:00
A critical CVSS vulnerability allocated CVE-2026-20127 in Cisco Catalyst SD-WAN products has been exploited in the wild since 2023.
Five Eyes agencies today issued an urgent alert over exploitation of multiple vulnerabilities in Cisco Catalyst SD-WAN products – calling for threat hunting and organisations to report exploitation to them.
The vulnerability above lets an unauthenticated, remote attacker bypass authentication and obtain admin privileges on an affected system.
Alarmingly, it affects all of the following:
- On-Prem Deployment
- Cisco Hosted SD-WAN Cloud
- Cisco Hosted SD-WAN Cloud – Cisco Managed
- Cisco Hosted SD-WAN Cloud – FedRAMP Environment
Organisations should perform threat hunting for evidence of compromise detailed in this Cisco SD-WAN Threat Hunt Guide – which is co-signed by the ACSC, NCSC, NSA, CISA, CCCS, and NCSC-NZ.
Strangely (?!), the guide itself doesn’t name CVE-2026-20127 itself. That’s despite Cisco acknowledging its exploitation today (February…