A highly sophisticated threat actor has been exploiting a critical (CVSS 10.0) authentication bypass vulnerability (CVE-2026-20127) in Cisco Catalyst SD-WAN Manager since 2023, allowing them to add a rogue peer and gain root access for long-term persistence. Affected versions are Cisco Catalyst SD-WAN Manager prior to 20.9.8.2, versions 20.11.x prior to 20.12.5.3, versions 20.13.x prior to 20.15.4.2, versions 20.16.x prior to 20.18.2.1, and specifically version 20.12.6. Cisco has released fixed versions 20.9.8.2, 20.12.5.3, 20.15.4.2, and 20.18.2.1 to address this issue.
A âhighly sophisticatedâ cyber threat actor has been exploiting a zero-day authentication bypass vulnerability (CVE-2026-20127) in Cisco Catalyst SD-WAN Controller (formerly vSmart), Cisco has announced today. The vulnerability was reported by Australian Signals Directorateâs Australian Cyber Security Centre, who said that once the vulnerability was exploited, âthe malicious actors add[ed] a rogue peer, and eventually gain[ed] root access to establish long-term persistence in SD-WANs.â âThis vulnerability exists because the peering authentication mechanism in an affected ⊠More â The post Threat actor leveraged Cisco SD-WAN zero-day since 2023 (CVE-2026-20127) appeared first on Help Net Security .