The Five Eyes cybersecurity agencies warn that a critical Cisco SD-WAN vulnerability is under active exploitation and should be patched immediately.

CSO Online offers insights into cybersecurity, risk management, and IT leadership, providing articles, reports, and expert analysis to help security professionals navigate the evolving threat landscape and protect their organizations from cyber attacks. By exploring CSO Online's curated content, CISOs, security managers, and IT executives can learn about threat intelligence, security frameworks, and incident response strategies for building resilient cybersecurity programs. Whether you're defending against ransomware, phishing attacks, or insider threats, CSO Online offers resources to strengthen your security posture and safeguard your digital assets.

CSO Online

The Five Eyes cybersecurity alliance has issued an emergency directive warning that a critical zero-day vulnerability in Cisco Catalyst SD-WAN controllers (CVE-2026-20127) is under active exploitation. Threat cluster UAT-8616 has been exploiting the flaw, which allows unauthenticated attackers to gain administrative access to SD-WAN control plane components, potentially since 2023. Cisco has released patches and confirmed no workarounds exist. CISA urges organizations to immediately inventory affected systems, collect forensic artifacts, apply patches, and hunt for signs of compromise. The incident reflects a broader attacker shift toward targeting control-plane infrastructure for high-leverage network access.

Five Eyes issue emergency directive on exploited Cisco SD-WAN zero-day