Cisco has confirmed active exploitation of two new vulnerabilities in its Catalyst SD-WAN Manager platform. CVE-2026-20122 (CVSS 7.1) allows authenticated remote attackers to overwrite arbitrary files, while CVE-2026-20128 (CVSS 5.5) enables privilege escalation to DCA user level. This follows a Five Eyes alliance warning from the prior week about two other actively exploited SD-WAN flaws, one of which (CVE-2026-20127) is maximum severity and linked to threat actor UAT-8616. Cisco urges immediate patching but has not shared indicators of compromise or attribution for the newly disclosed exploits.
Sort: