CVE-2026-20127

exploited in the wild
CVSS
10.0
Reports
16
First seen
Feb 26
Last seen
Jun 25
Affected product

Cisco SD-WAN

Associated actors

Recent reports

High

Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited for Root Access

The Hacker News
High

Mandiant reveals how Cisco SD-WAN zero-day attacks gained root access

Bleeping Computer
Critical

Attacker exploits Cisco SD-WAN zero-day to gain root access at communications service provider

CyberScoop
High

ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories

The Hacker News
High

Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw

The Hacker News
High

Cisco SD-WAN Manager Zero-Day Under Active Exploitation

CyberScoop
High

Cisco Catalyst SD-WAN Manager CVE-2026-20245 Actively Exploited – Patch Unavailable

The Hacker News
High

Cisco warns of unpatched SD-WAN zero-day exploited in attacks

Bleeping Computer
High

Weekly Threat Recap: Exchange 0-Day, npm Supply Chain Attacks, Cisco Exploits

The Hacker News
Critical

CISA Adds Cisco SD-WAN Authentication Bypass CVE-2026-20182 to KEV Catalog

The Hacker News
Critical

Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited for Admin Access

The Hacker News
High

Cisco Talos tracks active exploitation of Catalyst SD-WAN vulnerabilities

Cisco Talos
Critical

February 2026 CVE Landscape: 13 Critical Vulnerabilities, 43% Drop from January

Recorded Future Insikt
Critical

Cisco Catalyst SD-WAN authentication bypass vulnerabilities (CVE-2026-20127, CVE-2026-20129)

NICS Taiwan
Critical

Multiple Critical Vulnerabilities in Cisco Catalyst SD-WAN Controllers and Managers

CERT-EU Advisories
Critical

Multiple Vulnerabilities in Cisco Products Being Exploited in the Wild

GovCERT.HK

This page shows data on a 7-day delay. Free accounts get the full delayed feed; real-time reports, indicators, and the API start at $29/mo.