CISA Emergency Directive 26-03 for Cisco SD-WAN
Public Sector Action
Summary
Hide ▲
Show ▼
CISA issued Emergency Directive 26-03 and supplemental guidance to force immediate remediation of Cisco SD-WAN vulnerabilities across Federal Civilian Executive Branch (FCEB) agencies. The directive says the flaws pose an unacceptable risk to federal networks and require immediate action. Agencies must inventory in-scope systems, collect logs and snapshots, patch CVE-2026-20127 and CVE-2022-20775, and hunt for compromise. CISA also said it will monitor compliance and provide technical assistance.
Related Happenings
Cisco Catalyst SD-WAN unauthorized peering and SSH access campaign
Campaign
H score38
First: 25.06.2026 17:15
Last: 25.06.2026 17:15
Sources 1
About this happening:
An active **campaign** used **unauthorized peering connections** and **SSH access** to maintain footholds inside a **service provider's Cisco Catalyst SD-WAN** environment, increa...
Cisco Catalyst SD-WAN unauthorized peering and SSH access campaign
CampaignAbout this happening: An active **campaign** used **unauthorized peering connections** and **SSH access** to maintain footholds inside a **service provider's Cisco Catalyst SD-WAN** environment, increa...
CISA KEV order for FCEB agencies on LiteSpeed cPanel flaw
Public Sector Action
H score36
First: 16.06.2026 13:47
Last: 16.06.2026 13:47
Sources 1
About this happening:
**CISA** added the **LiteSpeed cPanel user-end plugin** flaw to **KEV** and ordered **Federal Civilian Executive Branch agencies** to secure systems within **three days** under **...
CISA KEV order for FCEB agencies on LiteSpeed cPanel flaw
Public Sector ActionAbout this happening: **CISA** added the **LiteSpeed cPanel user-end plugin** flaw to **KEV** and ordered **Federal Civilian Executive Branch agencies** to secure systems within **three days** under **...
CISA adds CVE-2026-20262 to KEV and orders federal fixes
Public Sector Action
H score32
First: 16.06.2026 09:05
Last: 16.06.2026 09:05
Sources 1
About this happening:
**CISA** added **CVE-2026-20262** to its **Known Exploited Vulnerabilities (KEV) catalog** and required **Federal Civilian Executive Branch (FCEB)** agencies to apply Cisco's fixe...
CISA adds CVE-2026-20262 to KEV and orders federal fixes
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-20262** to its **Known Exploited Vulnerabilities (KEV) catalog** and required **Federal Civilian Executive Branch (FCEB)** agencies to apply Cisco's fixe...
CISA BOD 26-04 remediation requirements
Advisory/Mitigation
H score31
First: 11.06.2026 15:46
Last: 11.06.2026 15:46
Sources 1
About this happening:
CISA’s **Binding Operational Directive 26-04** forces **FCEB agencies** to speed up remediation of high-risk vulnerabilities, with some deadlines as short as **3 days** and new **...
CISA BOD 26-04 remediation requirements
Advisory/MitigationAbout this happening: CISA’s **Binding Operational Directive 26-04** forces **FCEB agencies** to speed up remediation of high-risk vulnerabilities, with some deadlines as short as **3 days** and new **...
CISA KEV update and FCEB remediation deadline
Public Sector Action
H score33
First: 10.06.2026 17:44
Last: 10.06.2026 17:44
Sources 1
About this happening:
**CISA** added **three actively exploited vulnerabilities** to the **KEV catalog** and ordered **Federal Civilian Executive Branch agencies** to remediate by **June 23, 2026**. Th...
CISA KEV update and FCEB remediation deadline
Public Sector ActionAbout this happening: **CISA** added **three actively exploited vulnerabilities** to the **KEV catalog** and ordered **Federal Civilian Executive Branch agencies** to remediate by **June 23, 2026**. Th...
Timeline
-
25.02.2026 14:00 2 articles · 4mo ago
CISA issues Emergency Directive 26-03 for Cisco SD-WAN
Legal Policy Action UpdateCISA issued Emergency Directive 26-03 and supplemental direction for Cisco SD-WAN systems after determining that vulnerabilities in certain Cisco systems and software posed an unacceptable risk to Federal Civilian Executive Branch agencies and federal networks. The directive requires federal agencies to inventory in-scope systems, collect virtual snapshots and logs, patch CVE-2026-20127 and CVE-2022-20775, hunt for evidence of compromise, and follow Cisco’s Catalyst SD-WAN Hardening Guide.
Show sources
- Immediate Action Required: CISA Issues Emergency Directive to Secure Cisco SD-WAN Systems — www.cisa.gov — 25.02.2026 14:00
- Global Cyber Agencies Urge Immediate Patching of Cisco SD-WAN Zero Day — www.infosecurity-magazine.com — 26.02.2026 11:30