Ncsc.Uk
Cisco SD-WAN Zero-Day Exploited by Threat Actor Since 2023
First seen 25 Feb 2026, 18:12 UTC
•



+60
•83% similarity
•82.1
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
A cyber threat actor has been exploiting a zero-day vulnerability (CVE-2026-20127) in Cisco Catalyst SD-WAN Controller since 2023. This vulnerability allows unauthenticated remote attackers to bypass authentication and gain administrative privileges, potentially leading to long-term persistence in affected systems. Cisco and the Australian Cyber Security Centre have reported the ongoing exploitation of this vulnerability.
ThreatCluster AI
Timeline
2022-09-30
CVE-2022-20775 published
2023-01-01
Exploitation of CVE-2026-20127 began
2026-02-25
CVE-2026-20127 published
2026-02-25
CVE-2026-20127 added to CISA KEV for active exploitation