Cybersecurity agencies from the U.S. and allied nations issued urgent warnings regarding a critical vulnerability in Cisco Catalyst SD-WAN networking equipment. A sophisticated threat actor has actively exploited the flaw, identified as CVE-2026-20127, since at least 2023.
The vulnerability allows attackers to bypass authentication and gain high-level user access. Exploitation enables the unauthorized manipulation of network configurations.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive compelling federal agencies to patch affected devices immediately. Cisco tracks the specific threat actor behind the campaign as UAT-8616.
Attackers used advanced techniques, including downgrading software so that older bugs could be exploited for deeper system access. International cybersecurity bodies have released global guidance for organizations to identify signs of compromise.