CISA flags exploited Cisco SD-WAN flaws

The US Cybersecurity and Infrastructure Security Agency (CISA) has added three critical vulnerabilities in Cisco's Catalyst SD-WAN Manager to its Known Exploited Vulnerabilities catalog, mandating federal agencies patch them within four days. The flaws, tracked as CVE-2026-20128, CVE-2026-20122, and CVE-2026-20133, allow unauthenticated attackers to gain administrative privileges, overwrite files, and access sensitive information. Cisco patched the vulnerabilities in February but confirmed in March that two of them are being actively exploited in the wild. Given that the SD-WAN Manager can control up to 6,000 edge devices per cluster, successful exploitation poses a significant operational risk to enterprise and government network infrastructure.