The US Cybersecurity and Infrastructure Security Agency (CISA) has alerted federal agencies about three vulnerabilities in Cisco’s Catalyst SD-WAN Manager that are currently being exploited. Agencies have been given a four-day window to implement necessary patches to mitigate these security risks.
Details of the Vulnerabilities
The vulnerabilities, now included in CISA’s Known Exploited Vulnerabilities Catalog, are identified as CVE-2026-20128, CVE-2026-20133, and CVE-2026-20122. The Catalyst SD-WAN Manager, previously known as vManage, is critical for managing SD-WAN deployments and can oversee up to 6,000 edge devices in a cluster.
Specific Flaws Identified
CVE-2026-20128 is an information disclosure vulnerability that allows unauthenticated remote attackers to gain DCA user privileges on affected systems. Similarly, CVE-2026-20133 enables unauthorized access to sensitive information on the systems. The third vulnerability, CVE-2026-20122, is an arbitrary file overwrite flaw that could permit an authenticated remote attacker with valid read-only API credentials to upload malicious files and overwrite local files, potentially gaining vManage user privileges.
Current Exploitation Status
Cisco has confirmed that all three vulnerabilities were patched in late February 2026. However, in March, the company noted that CVE-2026-20128 and CVE-2026-20122 were being actively exploited. At this time, CVE-2026-20133 has not been reported as being under active exploitation.
Response and Recommendations
In light of these developments, CISA’s directive underscores the urgency for federal agencies to address these vulnerabilities promptly. Cisco has not provided specific details regarding the scope of the attacks or the actions being taken by the attackers. Organizations using Cisco’s Catalyst SD-WAN Manager should prioritize applying the latest patches to safeguard their systems.
This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.








