Cisco SD-WAN auth flaw fuels years-long zero-day campaigns, urgent patch urged

TL;DR Summary
Cisco warns of a critical authentication-bypass vulnerability in Catalyst SD-WAN (CVE-2026-20127) that attackers have actively exploited since 2023 to log in as a high-privilege user, insert rogue peers, and potentially gain root access. Government agencies (CISA and the UK NCSC) have issued urgent directives and advisories; Cisco has released updates but says no workaround fully mitigates the issue. Organizations should harden exposed interfaces, review logs for anomalous peering, and patch promptly.
- Critical Cisco SD-WAN bug exploited in zero-day attacks since 2023 (BleepingComputer)
- Exploitation of Cisco Catalyst SD-WAN (National Cyber Security Centre)
- Active exploitation of Cisco Catalyst SD-WAN by UAT-8616 (Cisco Talos Blog)
- CISA gives agencies until Friday to patch critical cyber bug (Federal News Network)
- Supplemental Direction ED 26-03: Hunt and Hardening Guidance for Cisco SD-WAN Systems (CISA)