Five Eyes warn: Patch your Cisco SD-WAN or risk root takeover.
A rare joint alert from all five spy agencies means serious business.
The Five Eyes intelligence alliance is urgently warning defenders to patch two Cisco Catalyst SD-WAN vulnerabilities used in attacks.
First discovered by the Australian Signals Directorate (ASD), all five of the alliance’s intelligence agencies co-signed the alert on Wednesday evening, confirming that hackers of unspecified origin are trying to use the SD-WAN devices for persistent access.
“Malicious cyber threat actors are targeting Cisco Catalyst SD-WAN used by organizations globally,” the UK’s NCSC said. “These actors are compromising SD-WANs to add a malicious rogue peer and then conduct a range of follow-on actions to achieve root access and maintain persistent access to the SD-WAN.”
The first of the two is CVE-2022-20775 (7.8), a path traversal vulnerability disclosed in September 2022 affecting the SD-WAN’s command line interface, allowing for privilege escalation.
The second is CVE-2026-20127 (10.0), a max-severity bug fresh off the press this week. Classed as an improper authentication flaw, the issue affects Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager, formerly known as SD-WAN vSmart and SD-WAN vManage respectively.
Read More Here: https://www.theregister.com/2026/02/26/five_eyes_cisco_sdwan/
