Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

CISA Emergency Directive 26-03 for Cisco SD-WAN

Public Sector Action
First reported
Last updated
Happening score
H score 49
2 unique sources, 2 articles

Summary

Hide ▲

CISA issued Emergency Directive 26-03 and supplemental guidance to force immediate remediation of Cisco SD-WAN vulnerabilities across Federal Civilian Executive Branch (FCEB) agencies. The directive says the flaws pose an unacceptable risk to federal networks and require immediate action. Agencies must inventory in-scope systems, collect logs and snapshots, patch CVE-2026-20127 and CVE-2022-20775, and hunt for compromise. CISA also said it will monitor compliance and provide technical assistance.

Related Happenings

CISA revises CIRCIA town hall schedule

Public Sector Action
First: 26.05.2026 15:00 Last: 26.05.2026 15:00 Sources 1

About this happening: CISA **revised the schedule** for **virtual town halls** on the **CIRCIA rulemaking**, reopening stakeholder engagement on a cybersecurity reporting rule that will affect **critic...

Open Happening

CERT-In 12-hour KEV remediation guidance

Advisory/Mitigation
First: 26.05.2026 13:30 Last: 26.05.2026 13:30 Sources 1

About this happening: CERT-In set a **12-hour** expectation for containing or remediating **known exploited vulnerabilities** on **internet-facing and crown-jewel systems**, sharply shortening response...

Open Happening

CISA launches KEV Nomination Form

Public Sector Action
First: 21.05.2026 15:00 Last: 21.05.2026 15:00 Sources 1

About this happening: CISA launched a **new Nomination Form** for the **KEV catalog**, giving **researchers, vendors, and industry partners** a direct way to report **known exploited vulnerabilities**....

Open Happening

CISA KEV remediation order for Cisco Catalyst SD-WAN Controller CVE-2026-20182

Public Sector Action
First: 15.05.2026 08:28 Last: 15.05.2026 08:28 Sources 1

About this happening: **CISA** added **CVE-2026-20182** to the **KEV catalog** and ordered **Federal Civilian Executive Branch agencies** to remediate **Cisco Catalyst SD-WAN Controller** by **May 17,...

Open Happening

Cisco Catalyst SD-WAN authentication bypass flaw actively exploited (CVE-2026-20182)

Vulnerability
First: 14.05.2026 23:09 Last: 14.05.2026 23:09 Sources 1

About this happening: **CVE-2026-20182** is an actively exploited **authentication bypass** in **Cisco Catalyst SD-WAN Controller** and **Cisco Catalyst SD-WAN Manager**, creating a path to **administr...

Latest development: 14.05.2026 23:25

Cisco released a patch for CVE-2026-20182, giving organizations using Cisco Catalyst SD-WAN Controllers a way to block the authentication bypass before UAT-8616 can continue using it for administrative access, SSH key insertion, NETCONF changes, and root escalation.

Open Happening

Timeline

  1. 25.02.2026 14:00 2 articles · 3mo ago

    CISA issues Emergency Directive 26-03 for Cisco SD-WAN

    Legal Policy Action Update

    CISA issued Emergency Directive 26-03 and supplemental direction for Cisco SD-WAN systems after determining that vulnerabilities in certain Cisco systems and software posed an unacceptable risk to Federal Civilian Executive Branch agencies and federal networks. The directive requires federal agencies to inventory in-scope systems, collect virtual snapshots and logs, patch CVE-2026-20127 and CVE-2022-20775, hunt for evidence of compromise, and follow Cisco’s Catalyst SD-WAN Hardening Guide.

    Show sources
    Open in new tab