On 25 February 2026, Cisco released security advisories addressing multiple high and critical severity vulnerabilities in Cisco Catalyst SD-WAN controllers and Cisco SD-WAN Manager. If exploited, these vulnerabilities could allow attackers to gain administrative access to compromised systems.
It is recommended to capture forensic evidence, hunt for indicators of compromise, and apply updates as soon as possible.
One of the vulnerabilities, CVE-2026-20127, is exploited in the wild since 2023.