CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Feb 12, 2026
High
CISA KEVCVE-2025-34026
Versa—Concerto
Versa Concerto SD-WAN orchestration platform contains an improper authentication vulnerability in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.
Required Action
https://security-portal.versa-networks.com/emailbulletins/6830f94328defa375486ff2e ; https://nvd.nist.gov/vuln/detail/CVE-2025-34026
Vulnerability Overview
- Severity
- High
- CISA KEV
- Yes
- Ransomware
- Unknown
- Published
- Jan 22, 2026
- KEV Added
- Jan 22, 2026
- Due Date
- Feb 12, 2026
- Related Articles
- 0
Vendor
Versa
Concerto