US Cybersecurity and Infrastructure Security Agency (CISA) Emergency Directive 26-03 for Federal civilian executive branch systems remediation and reporting deadlines through
Public Sector Action
Summary
Hide ▲
Show ▼
CISA issued Emergency Directive 26-03 after warning that attackers are actively exploiting Cisco Catalyst SD-WAN vulnerabilities across US federal networks. The directive centers on CVE-2026-20127, a critical authentication bypass flaw that could give an unauthenticated attacker administrative access and broad control over network traffic. Federal civilian agencies must inventory affected systems, collect forensic evidence, apply updates, and report remediation by March 23, 2026.
Related Happenings
Cisco Catalyst SD-WAN unauthorized peering and SSH access campaign
Campaign
H score38
First: 25.06.2026 17:15
Last: 25.06.2026 17:15
Sources 1
About this happening:
An active **campaign** used **unauthorized peering connections** and **SSH access** to maintain footholds inside a **service provider's Cisco Catalyst SD-WAN** environment, increa...
Cisco Catalyst SD-WAN unauthorized peering and SSH access campaign
CampaignAbout this happening: An active **campaign** used **unauthorized peering connections** and **SSH access** to maintain footholds inside a **service provider's Cisco Catalyst SD-WAN** environment, increa...
CISA adds CVE-2026-20262 to KEV and orders federal fixes
Public Sector Action
H score32
First: 16.06.2026 09:05
Last: 16.06.2026 09:05
Sources 1
About this happening:
**CISA** added **CVE-2026-20262** to its **Known Exploited Vulnerabilities (KEV) catalog** and required **Federal Civilian Executive Branch (FCEB)** agencies to apply Cisco's fixe...
CISA adds CVE-2026-20262 to KEV and orders federal fixes
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-20262** to its **Known Exploited Vulnerabilities (KEV) catalog** and required **Federal Civilian Executive Branch (FCEB)** agencies to apply Cisco's fixe...
CISA BOD 26-04 prioritizes vulnerability remediation for federal civilian agencies
Public Sector Action
H score27
First: 10.06.2026 15:00
Last: 10.06.2026 15:00
Sources 1
About this happening:
**CISA** issued **Binding Operational Directive 26-04** to require **federal civilian agencies** to prioritize vulnerability remediation using **Asset Exposure**, **KEV Status**,...
CISA BOD 26-04 prioritizes vulnerability remediation for federal civilian agencies
Public Sector ActionAbout this happening: **CISA** issued **Binding Operational Directive 26-04** to require **federal civilian agencies** to prioritize vulnerability remediation using **Asset Exposure**, **KEV Status**,...
CISA KEV order for FCEB remediation of CVE-2026-50751
Public Sector Action
H score43
First: 09.06.2026 11:18
Last: 09.06.2026 11:18
Sources 1
About this happening:
**CISA** ordered **Federal Civilian Executive Branch** agencies to secure **CVE-2026-50751**, forcing a rapid federal response to a flaw that can let attackers bypass authenticati...
CISA KEV order for FCEB remediation of CVE-2026-50751
Public Sector ActionAbout this happening: **CISA** ordered **Federal Civilian Executive Branch** agencies to secure **CVE-2026-50751**, forcing a rapid federal response to a flaw that can let attackers bypass authenticati...
CISA-led joint advisory to secure internet-exposed ATG systems
Public Sector Action
H score43
First: 05.06.2026 17:50
Last: 05.06.2026 17:50
Sources 1
About this happening:
On **2026-06-05**, **CISA**, the **FBI**, the **NSA**, the **Department of Energy**, and other U.S. partners issued a **joint advisory** telling **critical infrastructure organiza...
CISA-led joint advisory to secure internet-exposed ATG systems
Public Sector ActionAbout this happening: On **2026-06-05**, **CISA**, the **FBI**, the **NSA**, the **Department of Energy**, and other U.S. partners issued a **joint advisory** telling **critical infrastructure organiza...
Timeline
-
12.03.2026 14:45 1 articles · 3mo ago
CISA warns of active Cisco SD-WAN exploitation
Initial DisclosureCISA warns that attackers are actively exploiting Cisco Catalyst SD-WAN infrastructure used across US federal networks and centers the warning on CVE-2026-20127, a critical authentication bypass flaw with a CVSS 10 score that could let an unauthenticated attacker gain administrative access and manipulate network configurations or disrupt traffic.
Show sources
- CISA Issues Emergency Directive Over Exploited Cisco SD-WAN Flaws — www.infosecurity-magazine.com — 12.03.2026 14:45
-
12.03.2026 14:45 2 articles · 3mo ago
CISA orders federal remediation steps
Legal Policy Action UpdateEmergency Directive 26-03 orders federal civilian executive branch agencies to identify affected Cisco SD-WAN systems, submit inventories to CISA, store logs externally, collect forensic artifacts, apply vendor security updates, hunt for compromise, and rebuild infrastructure if root access is detected, with remediation and logging deadlines extending through March 23, 2026.
Show sources
- CISA Issues Emergency Directive Over Exploited Cisco SD-WAN Flaws — www.infosecurity-magazine.com — 12.03.2026 14:45
- CISA Issues Emergency Directive Over Exploited Cisco SD-WAN Flaws — www.infosecurity-magazine.com — 12.03.2026 14:45