CISA has added three Cisco Catalyst SD-WAN Manager vulnerabilities to its Known Exploited Vulnerabilities Catalog, giving federal agencies until Thursday to patch. The flaws include two information disclosure bugs (CVE-2026-20128 and CVE-2026-20133) allowing unauthenticated remote attackers to gain privileges or view sensitive data, and an arbitrary file overwrite flaw (CVE-2026-20122) exploitable by authenticated attackers with read-only API credentials. Cisco patched all three in late February, and confirmed active exploitation of two of the three CVEs since March 2026.
Sort: