A newly disclosed maximum-severity security flaw in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Catalyst SD-WAN Manager (formerly vManage) has come under active exploitation in the wild as part of malicious activity that dates back to 2023. The vulnerability, tracked as CVE-2026-20127 (CVSS score: 10.0), allows an unauthenticated remote attacker to bypass authentication and obtain
![]()
source https://thehackernews.com/2026/02/cisco-sd-wan-zero-day-cve-2026-20127.html
source https://thehackernews.com/2026/02/cisco-sd-wan-zero-day-cve-2026-20127.html