U.S. CISA adds Cisco SD-WAN flaws to its Known Exploited Vulnerabilities catalog

Staff Editor 2026-02-26
U.S. CISA adds Cisco SD-WAN flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Cisco SD-WAN flaws to its Known Exploited Vulnerabilities catalog

https://securityaffairs.com/188548/hacking/u-s-cisa-adds-cisco-sd-wan-flaws-to-its-known-exploited-vulnerabilities-catalog.html

Publish Date: 2026-02-26 10:12:00

Source Domain: securityaffairs.com

U.S. CISA adds Cisco SD-WAN flaws to its Known Exploited Vulnerabilities catalog

Pierluigi Paganini
February 26, 2026

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco SD-WAN flaws to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Cisco SD-WAN flaws to its Known Exploited Vulnerabilities (KEV) catalog.

Below are the flaws added to the catalog:

  • CVE-2022-20775 Cisco Catalyst SD-WAN Path Traversal Vulnerability
  • CVE-2026-20127 Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability 

This week, Cisco warned of a critical Cisco SD-WAN vulnerability, tracked as CVE-2026-20127 (CVSS score of 10.0), which has been actively exploited since 2023. The flaw affects Catalyst SD-WAN Controller and Manager and allows remote, unauthenticated attackers to bypass authentication and gain full administrative access by sending a crafted request to vulnerable systems.

“This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system.” reads the advisory. “A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.”

The vulnerability impacts all Cisco Catalyst SD-WAN deployments, regardless of configuration. Affected environments include:

  • On-Prem deployments
  • Cisco Hosted SD-WAN Cloud
  • Cisco Hosted SD-WAN Cloud – Cisco Managed
  • Cisco Hosted SD-WAN Cloud – FedRAMP

Cisco credited the Australian Signals Directorate’s Australian Cyber Security Centre…

Source

More Stories

Diaspo #444: From supercomputers to cybersecurity, Asmae Mhassni’s unconventional path

Diaspo #444: From supercomputers to cybersecurity, Asmae Mhassni’s unconventional path

Staff Editor 2026-06-06
Opal Security Raises Million for AI-Native Identity Governance

Opal Security Raises $23 Million for AI-Native Identity Governance

Staff Editor 2026-06-06
Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI

Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI

Staff Editor 2026-06-06

Terms and Conditions - Privacy Policy