CISA Issues Emergency Directive Over Exploited Cisco SD-WAN Flaws

https://www.infosecurity-magazine.com/news/cisa-cisco-sd-wan-flaws-directive/

Publish Date: 2026-03-12 08:45:00

Source Domain: www.infosecurity-magazine.com

A newly issued emergency directive from the US Cybersecurity and Infrastructure Security Agency (CISA) has warned that attackers are actively exploiting vulnerabilities in Cisco Catalyst SD-WAN infrastructure used across US federal networks.

The directive, known as Emergency Directive 26-03, orders federal agencies to urgently identify affected systems, collect forensic evidence, apply security updates and investigate potential compromises.

The warning centers on a flaw tracked as CVE-2026-20127, described as a critical authentication bypass vulnerability with a CVSS severity score of 10. Security officials say the bug could allow an unauthenticated attacker to obtain administrative access to SD-WAN infrastructure.

Such access could enable threat actors to manipulate network configurations or disrupt traffic across government systems. The affected technology is widely used to manage distributed enterprise networks, meaning successful exploitation could grant attackers broad control over key communications infrastructure.

Agencies Ordered to Collect Evidence and Patch Systems

Federal agencies must carry out a sequence of actions under the directive:

  • Identify all affected Cisco SD-WAN systems and submit an inventory to CISA

  • Configure devices to store logs externally and collect forensic artifacts

  • Apply vendor security updates addressing the listed vulnerabilities

  • Hunt for evidence of compromise and rebuild infrastructure if root access is detected

  • Report remediation and logging actions to CISA by multiple deadlines through March 23, 2026

The directive also requires agencies to provide logging data through CISA’s Cloud Logging Aggregation Warehouse program, allowing investigators to analyze activity across networks. The requirements apply to federal civilian executive branch systems, including IT environments…
