Network-Security

vulnerabilities 2026-04-01 Critical
CVE-2026-20127: Cisco SD-WAN Zero-Day Exploited for Three Years Before Disclosure
UAT-8616 abused a CVSS 10.0 auth bypass in Cisco Catalyst SD-WAN Controller and Manager since 2023, inserting rogue control-plane peers and escalating to root via a deliberate version-downgrade chain. Cisco disclosed in late February.
cisco sd-wan authentication-bypass zero-day uat-8616 cvss-10 network-security privilege-escalation

CVE-2026-20127: Cisco SD-WAN Zero-Day Exploited for Three Years Before Disclosure