Heise.De
CISA Warns of Active Exploitation of Cisco Catalyst SD-WAN Vulnerabilities
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation of three vulnerabilities in Cisco's Catalyst SD-WAN Manager, specifically CVE-2026-20122, CVE-2026-20128, and CVE-2026-20133. These vulnerabilities were added to CISA's Known Exploited Vulnerabilities (KEV) catalog on April 20, 2026, with a tight remediation deadline set for April 23, 2026. The flaws allow attackers to gain unauthorized access to sensitive information and potentially take control of affected systems. Cisco has yet to confirm the active exploitation of CVE-2026-20133, although CISA has indicated evidence of exploitation. Organizations must implement mitigations immediately, or discontinue use of the affected product. CISA's Emergency Directive 26-03 outlines the necessary steps for federal agencies and private organizations to secure their networks. The vulnerabilities pose significant risks to network integrity, especially given the critical role of the Catalyst SD-WAN Manager in managing enterprise-wide area network infrastructure.
Key Points: • CISA added three Cisco vulnerabilities to its KEV catalog on April 20, 2026. • Organizations have until April 23, 2026, to implement mitigations or discontinue use of affected products. • Exploitation of these vulnerabilities could allow attackers to gain control over network management systems.