Cisco Catalyst SD WAN Faces Active Exploits, Users Consider Alternatives
CiscoCatalystSD-WANvManageCVE-2026-20122CVE-2026-20128CVE-2026-20127cybersecurityexploitspatchingcloud-nativealternativescontractrenewal
💬 Cisco Catalyst SD WAN just got hit with active exploits, seriously reconsidering our whole setup now, Done with it. The post describes an emergency patching effort for Cisco vManage following the disclosure of two actively exploited vulnerabilities, CVE-2026-20122 (arbitrary file overwrite) and CVE-2026-20128 (privilege escalation). The author notes this is not the first incident, citing a prior CVE-2026-20127 (CVSS 10.0) exploited by a sophisticated threat actor. Frustration is expressed over the recurring need for urgent patching of customer-managed vManage software. The author is evaluating cloud-native alternatives ahead of an upcoming contract renewal but remains uncertain about the best path forward.