- 43/2026
- Critical
Cisco has released security updates to address several vulnerabilities affecting multiple Cisco products.
The addressed vulnerabilities could allow the attacker to perform denial-of-service attacks, obtain sensitive information, manipulate data, conduct cross-site scripting attacks, gain elevated privileges, execute arbitrary commands, and gain access to the affected systems.
Sample of addressed vulnerabilities:
1. Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability (CVE- 2026-20127):
- CVSS: 10
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
2. Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability (CVE-2026- 20126):
- CVSS: 7.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
Sample of the affected products:
- Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager.
- Cisco Nexus 9000 Series Fabric Switches in ACI Mode.
- Cisco UCS Manager Software.
- Cisco FXOS Software.
- Cisco Application Policy Infrastructure Controller.
It should be noted that Cisco is aware that the two vulnerabilities, “CVE-2026- 20127” and “CVE-2022-20775,” are being exploited in the wild.
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.