Vulnerabilities

vulnerabilities 2026-04-01 Critical
CVE-2026-20127: Cisco SD-WAN Zero-Day Exploited for Three Years Before Disclosure
UAT-8616 abused a CVSS 10.0 auth bypass in Cisco Catalyst SD-WAN Controller and Manager since 2023, inserting rogue control-plane peers and escalating to root via a deliberate version-downgrade chain. Cisco disclosed in late February.
cisco sd-wan authentication-bypass zero-day cvss-10 privilege-escalation
vulnerabilities 2026-03-31 Critical
CVE-2026-3055: NetScaler SAML IDP Memory Overread Is Under Active Recon — Patch Before April 2
Attackers are actively probing Citrix NetScaler ADC/Gateway for CVE-2026-3055, a CVSS 9.3 memory overread that can leak session tokens from SAML IDP-configured appliances. CISA deadline is April 2.
cisa-kev
vulnerabilities 2026-03-31 Critical
Cisco FMC Zero-Day Exploited by Interlock Ransomware for 36 Days Before Disclosure
CVE-2026-20131 scores a perfect CVSS 10.0. Interlock ransomware had 36 days of free rein before Cisco went public.
cisco zero-day ransomware network-appliance
vulnerabilities 2026-03-29 High
CrackArmor: Nine AppArmor Flaws Enable Container Escape on Debian, Ubuntu, and SUSE
Every Kubernetes node running these distros is potentially exposed. Root escalation from within containers confirmed.
kubernetes linux container-escape

CVE-2026-20127: Cisco SD-WAN Zero-Day Exploited for Three Years Before Disclosure