Cisco has released fixes for a maximum severity authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager, tracked as CVE-2026-2012

ArcticWolf's platform is a central hub for cybersecurity professionals, offering insights into managed detection and response (MDR), threat intelligence, and security operations. Through articles, reports, and webinars, ArcticWolf offers insights into detecting and responding to cybersecurity threats effectively. Security analysts can learn about threat hunting, incident response strategies, and security best practices to protect organizations from cyberattacks.

Arctic Wolf

Cisco has released patches for CVE-2026-20127, a maximum severity (CVSS 10.0) authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and SD-WAN Manager. The flaw stems from a broken peering authentication mechanism, allowing remote unauthenticated attackers to gain administrative privileges and abuse NETCONF to manipulate SD-WAN fabric configurations. CISA and Cisco PSIRT have confirmed active exploitation by sophisticated threat actors. Affected organizations should immediately upgrade to fixed versions (detailed version table provided) and apply network hardening by restricting management interfaces from public internet exposure. Compromise indicators include suspicious entries in /var/log/auth.log for 'vmanage-admin' logins from unknown IPs.

CVE-2026-20127

Apply Security Hardening to Affected Services