AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

🔥 This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)

CVE-2026-20127: Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability

infovulnerability🔥 Actively Exploited

security

Source: CISA Known Exploited VulnerabilitiesFebruary 24, 2026CVE-2026-20127

Summary

Cisco Catalyst SD-WAN Controller and Manager contain an authentication bypass vulnerability that allows remote attackers to skip the login process and gain administrative access without valid credentials. An attacker could exploit this flaw by sending specially crafted requests, then use the compromised access to manipulate network configuration through NETCONF (a network configuration protocol). This vulnerability is currently being actively exploited in real-world attacks.

Solution / Mitigation

According to the source, follow CISA's Emergency Directive 26-03 and CISA's Hunt and Hardening Guidance for Cisco SD-WAN Devices. The source also states to adhere to BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available. A due date of 2026-02-27 is specified for compliance.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 2.6%

Exploit Maturity

🔥 Actively Exploited

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-287

CAPEC (Attack Pattern)

CAPEC-114

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-20127

First tracked: February 25, 2026 at 03:00 PM

Classified by LLM (prompt v3) · confidence: 95%