CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Apr 23, 2026
Description
Referenced in article: Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities
EPSS — Exploit Probability
Higher than 3.1% of all CVEs
Required Action
CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/ CVE-2026-20122
Related Articles (3)
Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities
Cisco warns CVE-2026-20122 and CVE-2026-20128 in Catalyst SD-WAN Manager are actively exploited; patches released across multiple software versions.
Mar 5, 2026
⚡ Weekly Recap: SD-WAN 0-Day, Critical CVEs, Telegram Probe, Smart TV Proxy SDK and More
Weekly cybersecurity recap covering active exploits, AI abuse, exposed cloud assets, critical CVEs, and evolving threat trends.
Mar 2, 2026
Recent Cisco Catalyst SD-WAN Vulnerability Now Widely Exploited
WatchTowr reports seeing exploitation attempts for CVE-2026-20127 from numerous unique IP addresses.
Mar 8, 2026
Risk Assessment
ELEVATEDDetails
- Severity
- Info
- EPSS
- 0.0%
- CISA KEV
- Yes
- Ransomware
- Unknown
- Articles
- 3
Timeline
Published
Mar 28, 2026
Added to KEV
Apr 20, 2026
Remediation Due
Apr 23, 2026