Cisco has flagged two more Catalyst SD-WAN Manager security flaws as actively exploited in the wild, urging administrators to upgrade vulnerable devices.
Catalyst SD-WAN Manager (formerly vManage) is network management software that allows admins to monitor and manage up to 6,000 Catalyst SD-WAN devices from a single centralized dashboard.
“In March 2026, the Cisco PSIRT became aware of active exploitation of the vulnerabilities that are described in CVE-2026-20128 and CVE-2026-20122 only,” the company warned in an update to a February 25 advisory.
“The vulnerabilities that are described in the other CVEs in this advisory are not known to have been compromised. Cisco strongly recommends that customers upgrade to a fixed software release to remediate these vulnerabilities.”
The high-severity arbitrary file overwrite vulnerability (CVE-2026-20122) can only be exploited by remote attackers with valid read-only credentials with API access, while the medium-severity information disclosure flaw (CVE-2026-20128) requires local attackers to have valid vmanage credentials on the targeted systems.
Cisco added that these vulnerabilities affect Catalyst SD-WAN Manager software, regardless of device configuration.
SD-WAN zero-days exploited since 2023
Last week, the company also disclosed that a critical authentication bypass vulnerability (CVE-2026-20127) has been exploited in zero-day attacks since at least 2023, enabling highly sophisticated threat actors to compromise controllers and add malicious rogue peers to targeted networks.
The rogue peers allow the attackers to insert legitimate-looking malicious devices, enabling them to move deeper into compromised networks.
After joint advisories by U.S. and U.K. authorities warning of the exploitation activity, CISA issued Emergency Directive 26-03 requiring federal agencies to inventory Cisco SD-WAN systems, collect forensic artifacts, ensure external log storage, apply updates, and investigate potential compromises tied to attacks targeting CVE-2026-20127 and an older flaw tracked as CVE-2022-20775.
More recently, on Wednesday, Cisco released security updates to patch two maximum-severity vulnerabilities in its Secure Firewall Management Center (FMC) software.
These security flaws, an authentication bypass flaw (tracked as CVE-2026-20079) and a remote code execution (RCE) vulnerability (CVE-2026-20131), can be exploited remotely by unauthenticated attackers to gain root access to the underlying operating system and execute arbitrary Java code as root on unpatched devices, respectively.

