Find notable cyber news and cases, enriched with sources, timelines, and signals.

CISA KEV addition for Sierra Wireless ALEOS routers

Public Sector Action
First reported
Last updated
Happening score
H score 33
1 unique sources, 1 articles

Summary

Hide ▲

CISA added CVE-2018-4063 to its KEV catalog, putting Sierra Wireless AirLink ALEOS routers under federal remediation pressure after reports of active exploitation. The flaw is an unrestricted file upload issue that can enable remote code execution through a malicious HTTP request. FCEB agencies were told to move to a supported version or stop using the product by January 2, 2026.

Related Happenings

Cisco Catalyst SD-WAN Manager actively exploited file upload overwrite flaw (CVE-2026-20262)

Vulnerability
H score24 First: 15.06.2026 20:12 Last: 15.06.2026 20:12 Sources 1

About this happening: **Cisco Catalyst SD-WAN Manager** was patched for **CVE-2026-20262** after attackers used it to **create or overwrite files** and **escalate to root** across **all deployment type...

Cisco Catalyst SD-WAN authentication bypass flaw actively exploited (CVE-2026-20182)

Vulnerability
H score60 First: 14.05.2026 23:09 Last: 14.05.2026 23:09 Sources 1

About this happening: **CVE-2026-20182** is an actively exploited **authentication bypass** in **Cisco Catalyst SD-WAN Controller** and **Cisco Catalyst SD-WAN Manager**, creating a path to **administr...

Latest development: 14.05.2026 23:25

Cisco released a patch for CVE-2026-20182, giving organizations using Cisco Catalyst SD-WAN Controllers a way to block the authentication bypass before UAT-8616 can continue using it for administrative access, SSH key insertion, NETCONF changes, and root escalation.

Cisco Catalyst SD-WAN Manager information disclosure vulnerability (CVE-2026-20133)

Vulnerability
H score7 First: 21.04.2026 15:30 Last: 21.04.2026 15:30 Sources 1

About this happening: CISA moved **CVE-2026-20133** in **Cisco Catalyst SD-WAN Manager** into its **KEV Catalog**, signaling **active exploitation** against **unpatched devices** and forcing **FCEB age...

CISA KEV directive for CVE-2026-20133

Public Sector Action
H score36 First: 21.04.2026 15:30 Last: 21.04.2026 15:30 Sources 1

About this happening: On **Monday, April 21, 2026**, **CISA** added **CVE-2026-20133** to the **KEV Catalog** and ordered **FCEB agencies** to secure their networks by **Friday, April 24**. The directi...

F5 BIG-IP APM unauthenticated RCE (CVE-2025-53521)

Vulnerability
H score84 First: 30.03.2026 10:07 Last: 30.03.2026 10:07 Sources 1

About this happening: **CVE-2025-53521** is being **actively exploited** against **F5 BIG-IP APM** deployments, creating **unauthenticated remote code execution** risk for exposed systems. The flaw aff...

Timeline

  1. 13.12.2025 14:33 2 articles · 6mo ago

    CISA KEV addition for Sierra Wireless ALEOS routers

    Initial Disclosure

    **CISA** moved the router flaw into the **KEV catalog** after reports of **active exploitation**. Federal civilian agencies were then directed to **upgrade or discontinue** affected devices before the **January 2, 2026** deadline.

    Show sources