Cisco warns of a critical SD-WAN bug that was actively exploited in zero-day attacks since 2023; CISA and its international partners issue emergency directives
Cisco is warning that a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN, tracked as CVE-2026-20127 …
BleepingComputer Lawrence Abrams
Related Coverage
- Active exploitation of Cisco Catalyst SD-WAN by UAT-8616 Cisco Talos Blog
- Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability Cisco
- ED 26-03: Mitigate Vulnerabilities in Cisco SD-WAN Systems CISA
- Immediate Action Required: CISA Issues Emergency Directive to Secure Cisco SD-WAN Systems CISA
- Cisco Security Advisory Cisco
- Five Eyes issue emergency directive on exploited Cisco SD-WAN zero-day CSO · Cynthia Brumfield
- Hackers are exploiting exposed Cisco products, Five Eyes intelligence agencies say FCW · David DiMolfetta
- Exploitation of Cisco Catalyst SD-WAN National Cyber Security Centre
- CISA and Partners Release Guidance for Ongoing Global Exploitation of Cisco SD-WAN Systems CISA
- CISA orders agencies to patch Cisco devices now under attack Cybersecurity Dive · Eric Geller
- Hackers Exploited Cisco SD-WAN Zero-Day for Three Years Before Detection The Cyber Express · Mihir Bagwe
- Feds Scramble Amid Shutdown to Secure Cisco SD-WAN Systems DeviceSecurity.io · Chris Riotta
- Critical Cisco SD-WAN 0-Day Vulnerability Exploited Since 2023 to Gain Root Access Cyber Security News · Guru Baran
- ALERT! Five Eyes nations release Emergency Directive over critical - and exploited - Cisco Catalyst SD-WAN Controller vulnerability Cyber Daily · David Hollingworth
- CISA gives agencies until Friday to patch critical cyber bug Federal News Network · Justin Doubleday
- Governments issue warning over Cisco zero-day attacks dating back to 2023 CyberScoop · Matt Kapko
- ASD and Five-Eyes spy agencies alert on exploited Cisco SD-WAN zero-day iTnews · Juha Saarinen
- Five Eyes issues urgent warning over Cisco SD-WAN 0day exploitation The Stack · Edward Targett
- Threat actor leveraged Cisco SD-WAN zero-day since 2023 (CVE-2026-20127) Help Net Security · Zeljka Zorz
- Cisco Catalyst SD-WAN users targeted in series of cyber attacks ComputerWeekly.com · Alex Scroxton
- Five Eyes allies warn hackers are actively exploiting Cisco SD-WAN flaws The Record · Alexander Martin
- Feds Scramble Amid Shutdown to Secure Cisco SD-WAN Systems DataBreachToday.com · Chris Riotta
- Global Cyber Agencies Urge Immediate Patching of Cisco SD-WAN Zero Day Infosecurity · Phil Muncaster
- Security agencies issue warning over critical Cisco Catalyst SD-WAN vulnerability ITPro · Emma Woollacott
- Five Eyes warn: Patch your Cisco SD-WAN or risk root takeover The Register · Connor Jones
- Hackers abused Cisco SD-WAN zero-day since 2023 to gain full admin control Security Affairs · Pierluigi Paganini
- Emergency Cisco 0Day Security Warning—'Immediate Action Required' Forbes · Davey Winder
- Cisco warns of critical SD-WAN security flaw which has been open since 2023 TechRadar · Sead Fadilpašić
- Cisco, Five Eyes alliance urge immediate patching for Cisco Catalyst SD-WAN zero day Metacurity · Cynthia B Brumfield
- U.S. CISA adds Cisco SD-WAN flaws to its Known Exploited Vulnerabilities catalog Security Affairs · Pierluigi Paganini
- Cisco SD-WAN Hack Panic: Feds Order Emergency Patch Blitz Across Bay Area Originally Reported … · Eileen Vargas
- Cisco SD-WAN Zero-Day Actively Exploited to Gain Root Access eSecurity Planet · Ken Underhill
Discussion
-
@cisacyber
@cisacyber
on x
🚨 Just Released: Emergency Directive 26-03 focuses on mitigating vulnerabilities in Cisco SD-WAN systems. We urge all orgs to review and implement the recommended actions immediately to protect your network. 👉 https://go.dhs.gov/iHq [video]
-
@fbicyberdiv
@fbicyberdiv
on x
🚨 Malicious cyber actors are targeting and compromising Cisco SD-WAN systems deployed by organizations worldwide. These actors have exploited a previously undisclosed authentication bypass vulnerability, CVE-2026-20127, for initial access before escalating privileges using [image…
-
@cisacyber
@cisacyber
on x
🚨 Cyber threat actors are exploiting multiple Cisco vulnerabilities, including CVE-2026-20127 and CVE-2022-20775, to ultimately establish long-term persistence in SD-WAN systems across multinational organizations. Review our Alert & act immediately. 👉 https://go.dhs.gov/iHw [vide…
-
@cybercentre_ca
@cybercentre_ca
on x
#CyberAlert Malicious cyber threat actors are targeting #Cisco SD-WAN networks used by organizations around the world. Read our alert: https://www.cyber.gc.ca/... [image]
-
@ericgeller
Eric Geller
on x
New: @CISAgov orders agencies to quickly patch serious Cisco SD-WAN device vulnerabilities, including two that the agency says are being exploited in ways that imminently threaten government networks: https://www.cybersecuritydive.com/ ... [image]
-
@cisacyber
@cisacyber
on x
🛡️ We added Cisco Catalyst SD-WAN path traversal vulnerability CVE-2022-20775 & Controller and Manager authentication bypass vulnerability CVE-2026-20127 to our KEV Catalog. Visit https://go.dhs.gov/Z3Q & apply mitigations to protect your org from cyberattacks. [video]
-
@watchtowrcyber
@watchtowrcyber
on x
🚨 watchTowr is rapidly reacting to CVE-2026-20127, a critical auth bypass in Cisco's Catalyst SD-WAN Controller with active in-the-wild exploitation reported. Patch urgently. Active watchTowr Platform clients have been made aware of their exposure - reach out via the watchTowr [i…
-
@ransomwaresommelier.com
@ransomwaresommelier.com
on bluesky
Watch out, @talosintelligence.com reports on active exploitation of Cisco Catalyst SD-WAN.
-
@dannypalmer
Danny Palmer
on bluesky
The NCSC, alongside international cyber agency partners, has put out an alert warning that “malicious cyber threat actors are targeting Cisco Catalyst Software Defined Wide Area Networks (SD-WAN) used by organisations globally.” — www.ncsc.gov.uk/news/exploit...
-
@metacurity.com
Cynthia Brumfield
on bluesky
The signals intelligence groups of all the Five Eyes nations have issued an emergency directive regarding Cisco SD-WAN Systems in response to what they say is a significant cyber threat. — www.cisa.gov/news-events/...
-
@ollieatnowhere
Ollie Whitehouse
on bluesky
Exploitation of Cisco Catalyst SD-WAN — Agencies strongly encourage immediate investigation of potential compromise of Cisco Catalyst SD-WAN, and full updating and hardening. — www.ncsc.gov.uk/news/exploit...
-
@campuscodi@mastodon.social
Catalin Cimpanu
on mastodon
New Cisco zero-day, this one one discovered by the ASD — https://sec.cloudapps.cisco.com/ ...