By Connor Jones
Publication Date: 2026-02-26 11:39:00
The Five Eyes intelligence alliance is urgently warning defenders to patch two Cisco Catalyst SD-WAN vulnerabilities used in attacks.
First discovered by the Australian Signals Directorate (ASD), all five of the alliance’s intelligence agencies co-signed the alert on Wednesday evening, confirming that hackers of unspecified origin are trying to use the SD-WAN devices for persistent access.
“Malicious cyber threat actors are targeting Cisco Catalyst SD-WAN used by organizations globally,” the UK’s NCSC said. “These actors are compromising SD-WANs to add a malicious rogue peer and then conduct a range of follow-on actions to achieve root access and maintain persistent access to the SD-WAN.”
The first of the two is CVE-2022-20775 (CVSS 7.8), a path traversal vulnerability in the SD-WAN’s command line interface that allows privilege escalation. It was disclosed in September 2022.