Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access

https://thehackernews.com/2026/02/cisco-sd-wan-zero-day-cve-2026-20127.html

Publish Date: 2026-02-26 01:13:00

Source Domain: thehackernews.com

Ravie Lakshmanan | Feb 26, 2026 | Vulnerability / Network Security

A newly disclosed maximum-severity security flaw in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Catalyst SD-WAN Manager (formerly vManage) has come under active exploitation in the wild as part of malicious activity that dates back to 2023.

The vulnerability, tracked as CVE-2026-20127 (CVSS score: 10.0), allows an unauthenticated remote attacker to bypass authentication and obtain administrative privileges by sending a crafted request to an affected system.

Successful exploitation of the flaw could allow the adversary to obtain elevated privileges on the system as an internal, high-privileged, non-root user account.

“This vulnerability exists because the peering authentication mechanism in an affected system is not working properly,” Cisco said in an advisory, adding that the threat actor could leverage the non-root user account to access NETCONF and manipulate network configuration for the SD-WAN fabric.

The shortcoming affects the following deployment types, irrespective of the device configuration –

  • On-Prem Deployment
  • Cisco Hosted SD-WAN Cloud
  • Cisco Hosted SD-WAN Cloud – Cisco Managed
  • Cisco Hosted SD-WAN Cloud – FedRAMP Environment

Cisco credited the Australian Signals Directorate’s Australian Cyber Security Centre (ASD-ACSC) for reporting the vulnerability. The networking equipment major is tracking the exploitation and subsequent post-compromise activity under the moniker UAT-8616, describing the cluster as a “highly sophisticated cyber threat actor.”

The vulnerability has been addressed in the following versions of Cisco Catalyst SD-WAN –

  • Prior to version 20.9 – Migrate to a fixed release.
  • Version 20.9 – 20.9.8.2 (Estimated release February 27, 2026)
  • Version 20.11 – 20.12.6.1
  • Version 20.12.5 – 20.12.5.3
  • Version 20.12.6 – 20.12.6.1
  • Version 20.13 – 20.15.4.2
  • Version 20.14 – 20.15.4.2
  • Version 20.15 – 20.15.4.2
  • Version 20.16 – 20.18.2.1
  • Version 20.18 -…
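For triaging an inventory of controllers and managers against the list above, the following is an added example, not code from Cisco or from the article. It assumes each list entry reads as a release train followed by its first fixed release; the host names and running versions in the demo are constructed, and trains the list does not fully cover (including the truncated 20.18 entry) are reported as unlisted rather than guessed.

```python
import re

# Release train -> first fixed release, transcribed from the list above.
# Assumption: each entry reads "release train, then first fixed release".
FIXED = {
    (20, 9): (20, 9, 8, 2),      # article: estimated release February 27, 2026
    (20, 11): (20, 12, 6, 1),
    (20, 12, 5): (20, 12, 5, 3),
    (20, 12, 6): (20, 12, 6, 1),
    (20, 13): (20, 15, 4, 2),
    (20, 14): (20, 15, 4, 2),
    (20, 15): (20, 15, 4, 2),
    (20, 16): (20, 18, 2, 1),
}
OLDEST_LISTED = (20, 9)  # anything older: "Migrate to a fixed release"


def parse(version):
    """Turn '20.12.5.1' into (20, 12, 5, 1); reject non-numeric strings."""
    text = version.strip()
    if not re.fullmatch(r"\d+(\.\d+)+", text):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in text.split("."))


def triage(version):
    """Return (status, target): status is 'fixed', 'upgrade', 'migrate'
    or 'unlisted'; target is the fixed release for that train, or None."""
    v = parse(version)
    if v[:2] < OLDEST_LISTED:
        return ("migrate", None)
    # Longest train prefix wins, so 20.12.5.x is judged by the 20.12.5 row.
    for n in (3, 2):
        fixed = FIXED.get(v[:n])
        if fixed:
            target = ".".join(map(str, fixed))
            return ("fixed" if v >= fixed else "upgrade", target)
    return ("unlisted", None)  # not covered by the list, e.g. 20.18


if __name__ == "__main__":
    # Constructed inventory for illustration only.
    for host, ver in [("mgr-lab-1", "20.12.5.1"), ("ctl-lab-1", "20.15.4.2"),
                      ("ctl-lab-2", "20.6.3"), ("mgr-lab-2", "20.18.1")]:
        print(host, ver, *triage(ver))
```

An "unlisted" result means the list above gives no answer for that train, so the vendor advisory has to be checked directly.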
