Critical Zero-Day Vulnerability in Cisco SD-WAN Products Actively Exploited

A maximum-severity zero-day vulnerability (CVE-2026-20127, CVSS score: 10.0) in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Catalyst SD-WAN Manager (formerly vManage) has been actively exploited in the wild since 2023. The flaw allows unauthenticated remote attackers to bypass authentication and gain administrative access. No additional technical details about the exploitation method or affected versions were disclosed in the available content. The vulnerability was publicly reported in February 2026, though malicious activity predates this disclosure. Cisco has not yet provided further mitigation guidance or patches in the summarized information.