Cisco has issued a critical alert regarding CVE-2026-20127, a CVSS 10.0 authentication bypass vulnerability in Catalyst SD-WAN systems. Actively exploited as a zero-day since at least 2023, the flaw allows remote attackers to compromise controllers and introduce rogue peers into the network fabric. The resulting high-privileged access lets threat actors manipulate configurations via NETCONF and potentially escalate to root privileges by downgrading the software and then exploiting older vulnerabilities such as CVE-2022-20775.
In response to the imminent threat, CISA issued an Emergency Directive requiring federal agencies to patch systems and conduct forensic audits immediately. Security agencies from the UK and US recommend strict hardening measures, including isolating management interfaces from the internet and monitoring logs for unauthorized publickey authentications. Organizations are urged to upgrade to fixed software releases as soon as possible, as no workarounds currently provide complete mitigation.
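One way to run the recommended log check for unexpected publickey authentications, as an added example that is not from Cisco, CISA or the original page. It assumes the auth log uses the standard OpenSSH `sshd` line format; the log lines, hostname, user names and allowlisted management network are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Standard OpenSSH sshd success line (assumed log format):
#   ... sshd[PID]: Accepted publickey for USER from IP port N ssh2: KEYTYPE SHA256:FP
ACCEPT_RE = re.compile(
    r"sshd\[\d+\]: Accepted publickey for (?P<user>\S+) from (?P<src>\S+) "
    r"port \d+(?: ssh2)?(?:: (?P<ktype>\S+) (?P<fp>\S+))?"
)

def unexpected_publickey_logins(lines, allowed_networks):
    """Return {(user, source, key fingerprint): [line numbers]} for accepted
    publickey logins whose source address is outside allowed_networks."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    hits = defaultdict(list)
    for lineno, line in enumerate(lines, 1):
        m = ACCEPT_RE.search(line)
        if not m:
            continue  # failed logins, password logins, unrelated daemons
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            # Source is not a parseable address: report it, do not skip it.
            hits[(m["user"], m["src"], m["fp"])].append(lineno)
            continue
        if not any(src in net for net in nets):
            hits[(m["user"], str(src), m["fp"])].append(lineno)
    return dict(hits)

# Constructed sample log (documentation address ranges, made-up names).
SAMPLE_LOG = """\
Jan 10 03:12:01 ctrl1 sshd[2211]: Accepted publickey for admin from 192.0.2.10 port 50122 ssh2: RSA SHA256:AAAAexamplefingerprint1
Jan 10 03:14:45 ctrl1 sshd[2290]: Failed password for admin from 203.0.113.77 port 40110 ssh2
Jan 10 03:15:02 ctrl1 sshd[2301]: Accepted publickey for admin from 203.0.113.77 port 40112 ssh2: ED25519 SHA256:BBBBexamplefingerprint2
Jan 10 03:19:30 ctrl1 sshd[2344]: Accepted publickey for admin from 203.0.113.77 port 40150 ssh2: ED25519 SHA256:BBBBexamplefingerprint2
Jan 10 04:00:00 ctrl1 sshd[2400]: Accepted password for operator from 198.51.100.5 port 51000 ssh2
""".splitlines()

# Assumption: known management peers live in this network.
ALLOWED = ["192.0.2.0/24"]

if __name__ == "__main__":
    for (user, src, fp), where in unexpected_publickey_logins(SAMPLE_LOG, ALLOWED).items():
        print(f"user={user} src={src} key={fp} lines={where}")
```

Grouping by key fingerprint as well as source address makes it easier to compare each hit against the keys that are actually expected on the device.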