10.0 CRITICAL

CISA flags new SD-WAN flaw as actively exploited in attacks

📅 28 April 2026 at 09:29 UTC | 📰 Bleeping Computer

CISA has given U.S. government agencies four days to secure their systems against another Catalyst SD-WAN Manager vulnerability it flagged as actively exploited in attacks. [...]

🤖 AI Briefing: Auto-generated threat analysis
🔍 Threat Overview

A vulnerability in Cisco Catalyst SD-WAN Manager (CVE-2026-20133) has been actively exploited in attacks. It allows unauthenticated remote attackers to access sensitive information on affected systems. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their networks by Friday, April 24.

⚙️ Technical Details
CVEs: CVE-2026-20133, CVE-2026-20128, CVE-2026-20122, CVE-2026-20127
Affected Systems: Cisco Catalyst SD-WAN Manager
Attack Vectors: NETWORK
💥 Impact Assessment
Severity: CRITICAL
Who Is at Risk: Federal agencies and organizations using Cisco Catalyst SD-WAN Manager
🛡️ Recommended Actions
1. Apply the patch released by Cisco to fix the vulnerability (CVE-2026-20133)
2. Implement additional security controls, such as network segmentation and access controls, to prevent lateral movement
3. Monitor for signs of exploitation and conduct regular vulnerability assessments
📦 Affected Products
Cisco Catalyst SD-WAN Manager, Cisco SD-WAN vSmart Controller
🔐 NVD Verified Data (VERIFIED)

CVE-2026-20133 (CVSS 7.5, HIGH)
Attack Vector: NETWORK
Complexity: LOW
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weaknesses: CWE-200
Affected Products (CPE): Cisco Catalyst SD-WAN Manager

CVE-2026-20128 (CVSS 7.5, HIGH)
Attack Vector: LOCAL
Complexity: HIGH
Vector String: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Weaknesses: CWE-257
Affected Products (CPE): Cisco Catalyst SD-WAN Manager

CVE-2026-20122 (CVSS 5.4, MEDIUM)
Attack Vector: NETWORK
Complexity: LOW
Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Weaknesses: CWE-648
Affected Products (CPE): Cisco Catalyst SD-WAN Manager

CVE-2026-20127 (CVSS 10, CRITICAL)
Attack Vector: NETWORK
Complexity: LOW
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Weaknesses: CWE-287
Affected Products (CPE): Cisco Catalyst SD-WAN Manager, Cisco SD-WAN vSmart Controller

This is a curated summary. The complete article is available at Bleeping Computer.