By Dark Reading
Publication Date: 2026-03-13 19:19:00
Amid a stream of new vulnerabilities in Cisco’s Catalyst SD-WAN Manager, some researchers are arguing that organizations have misplaced their focus, hyperfixating on one critical vulnerability with a lot of noise around it, but overlooking another, quieter bug that’s just as serious.
On Feb. 25, Cisco publicly disclosed half a dozen newfound bugs in its Software-Defined Wide Area Network (SD-WAN) management product. At least three have been exploited in the wild. One, CVE-2026-20127, in addition to earning the highest possible 10 out of 10 score in the Common Vulnerability Scoring System (CVSS), appears to have been exploited as a zero-day by one threat actor for at least three years.
In that light, it’s no wonder that CVE-2026-20127 attracted as much attention as it has. And yet, some other reasons for concern have been less well-founded. Researchers at VulnCheck found that public proof-of-concept (PoC) exploits for this issue have been a mixed bag: some are outright fake, some are…

