Joint cybersecurity advisory: Exploitation of Cisco SD-WAN appliances
Malicious cyber threat actors are targeting Software-Defined Wide Area Networks (SDWANs) of organizations globally.
These actors exploited a Cisco Catalyst SD-WAN controller authentication bypass vulnerability, CVE-2026-20127.
After exploitation of this vulnerability the malicious actors add a rogue peer, and eventually gain root access to establish long-term persistence in SD-WANs.