CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Feb 12, 2026
Description
Versa Concerto SD-WAN orchestration platform contains an improper authentication vulnerability in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.
EPSS — Exploit Probability
57.0%
Higher than 98.1% of all CVEs
Required Action
https://security-portal.versa-networks.com/emailbulletins/6830f94328defa375486ff2e ; https://nvd.nist.gov/vuln/detail/CVE-2025-34026
Risk Assessment
HIGHIn CISA KEV
High EPSS
Details
- Severity
- High
- EPSS
- 57.0%
- CISA KEV
- Yes
- Ransomware
- Unknown
- Articles
- 0
Timeline
Published
Jan 22, 2026
Added to KEV
Jan 22, 2026
Remediation Due
Feb 12, 2026