Cisco Catalyst SD-WAN Manager actively exploited flaws (multiple vulnerabilities)
Vulnerability
Summary
Cisco Catalyst SD-WAN Manager flaws CVE-2026-20122 and CVE-2026-20128 are being actively exploited, creating immediate risk of management-plane compromise across affected deployments. Cisco says the issues affect the software regardless of device configuration. Administrators are being urged to upgrade to a fixed software release to close the exposure. The confirmed exploitation makes these vulnerabilities urgent even before broader compromise is observed.
Related Happenings
CISA KEV remediation order for Cisco Catalyst SD-WAN Controller CVE-2026-20182
Public Sector Action
First: 15.05.2026 08:28
Last: 15.05.2026 08:28
Sources 1
About this happening:
**CISA** added **CVE-2026-20182** to the **KEV catalog** and ordered **Federal Civilian Executive Branch agencies** to remediate **Cisco Catalyst SD-WAN Controller** by **May 17,...
Cisco Catalyst SD-WAN authentication bypass flaw actively exploited (CVE-2026-20182)
Vulnerability
First: 14.05.2026 23:09
Last: 14.05.2026 23:09
Sources 1
About this happening:
**CVE-2026-20182** is an actively exploited **authentication bypass** in **Cisco Catalyst SD-WAN Controller** and **Cisco Catalyst SD-WAN Manager**, creating a path to **administr...
Latest development: 14.05.2026 23:25
Cisco released a patch for CVE-2026-20182, giving organizations using Cisco Catalyst SD-WAN Controllers a way to block the authentication bypass before UAT-8616 can continue using it for administrative access, SSH key insertion, NETCONF changes, and root escalation.
Cisco Catalyst SD-WAN Manager information disclosure vulnerability (CVE-2026-20133)
Vulnerability
First: 21.04.2026 15:30
Last: 21.04.2026 15:30
Sources 1
About this happening:
CISA moved **CVE-2026-20133** in **Cisco Catalyst SD-WAN Manager** into its **KEV Catalog**, signaling **active exploitation** against **unpatched devices** and forcing **FCEB age...
Cisco IMC password change authentication bypass (CVE-2026-20093)
Vulnerability
First: 02.04.2026 14:01
Last: 02.04.2026 14:01
Sources 1
About this happening:
Cisco released **security updates** for **Cisco IMC/CIMC** after a **password-change authentication bypass** was found that lets **unauthenticated attackers** gain **Admin access*...
Interlock Cisco Secure Firewall Management Center zero-day exploitation wave
Exploitation Wave
First: 18.03.2026 18:53
Last: 18.03.2026 18:53
Sources 1
About this happening:
A **zero-day exploitation wave** tied to **Interlock** has been hitting **Cisco Secure Firewall Management Center (FMC)**, putting **enterprise firewalls** at risk before patching...
Timeline
- 05.03.2026 12:32 · 2 articles · 2mo ago
Cisco discloses active exploitation of Catalyst SD-WAN Manager flaws
Initial Disclosure: Cisco disclosed that Catalyst SD-WAN Manager vulnerabilities CVE-2026-20122 and CVE-2026-20128 are actively exploited in the wild and urged administrators to upgrade to a fixed software release. Cisco said the flaws affect Catalyst SD-WAN Manager software regardless of device configuration, and it identified CVE-2026-20122 as an arbitrary file overwrite issue and CVE-2026-20128 as an information disclosure issue.
- Cisco flags more SD-WAN flaws as actively exploited in attacks — www.bleepingcomputer.com — 05.03.2026 12:32
- Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities — thehackernews.com — 05.03.2026 17:22