CISA Warns of Active Exploitation of Cisco Catalyst SD-WAN Vulnerabilities

CISA Warns of Active Exploitation of Cisco Catalyst SD-WAN Vulnerabilities

First seen 21 Apr 2026, 09:24 UTC GbhackersHeise.Denvd.nist.govFeeds2.FeedburnerBleepingcomputer+6 88% similarity 72.2

Article Content

Browse articles
ThreatCluster

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation of three vulnerabilities in Cisco's Catalyst SD-WAN Manager, specifically CVE-2026-20122, CVE-2026-20128, and CVE-2026-20133. These vulnerabilities were added to CISA's Known Exploited Vulnerabilities (KEV) catalog on April 20, 2026, with a tight remediation deadline set for April 23, 2026. The flaws allow attackers to gain unauthorized access to sensitive information and potentially take control of affected systems. Cisco has yet to confirm the active exploitation of CVE-2026-20133, although CISA has indicated evidence of exploitation. Organizations must implement mitigations immediately, or discontinue use of the affected product. CISA's Emergency Directive 26-03 outlines the necessary steps for federal agencies and private organizations to secure their networks. The vulnerabilities pose significant risks to network integrity, especially given the critical role of the Catalyst SD-WAN Manager in managing enterprise-wide area network infrastructure.

Key Points: • CISA added three Cisco vulnerabilities to its KEV catalog on April 20, 2026. • Organizations have until April 23, 2026, to implement mitigations or discontinue use of affected products. • Exploitation of these vulnerabilities could allow attackers to gain control over network management systems.

ThreatCluster AI

Timeline

2023-04-20
CVE-2023-27351 published
2024-03-04
CVE-2024-27199 published
2025-03-24
CVE-2025-2749 published
2025-06-23
CVE-2025-48700 published
2025-06-24
CVE-2025-32975 published
2026-02-25
CVE-2026-20122, CVE-2026-20128, CVE-2026-20133 published
2026-02-25
CVE-2026-20127 published
2026-04-20
CISA adds three Cisco vulnerabilities to KEV catalog
2026-04-23
Deadline for organizations to implement mitigations

Community

Browse all →