CISA Warns of Active Cisco SD-WAN Exploitation, Orders Immediate Remediation Across Agencies
CISA and international partners issued an alert about ongoing exploitation of Cisco SD-WAN vulnerabilities (CVE-2026-20127 and CVE-2022-20775), adding the first to the KEV catalog, and mandated federal agencies under Emergency Directive 26-03 to inventory, patch, collect artifacts, and hunt for evidence of compromise, while Cisco and partner agencies publish hardening and threat-hunting guidance.