By Jessica Lyons
Publication Date: 2026-04-21 17:30:00
America’s lead cyber-defense agency has warned that three Cisco Catalyst SD-WAN Manager bugs are under attack, and given federal agencies just four days to patch the security holes.
The US Cybersecurity and Infrastructure Security Agency (CISA) added all three to its Known Exploited Vulnerabilities Catalog on Monday, joining at least two other Cisco SD-WAN CVEs on the list, and set a Thursday deadline for federal agencies to fix.
Cisco’s Catalyst SD-WAN Manager platform, formerly known as vManage, sits at the center of many organizations’ SD-WAN deployments and can manage up to 6,000 edge devices in a cluster.
The first flaw, CVE-2026-20128, is an information disclosure vulnerability in the data collection agent (DCA) feature of Cisco Catalyst SD-WAN Manager that allows unauthenticated, remote attackers to gain DCA user privileges on an affected system.
