Vulnerabilities ›

CVE-2026-20127

Critical 🇺🇸 CISA KEV ⚡ Exploit Available

Critical Authentication Bypass Vulnerability in Cisco Catalyst SD-WAN Controller and Manager (CVE-2026-20127)

                    Published: Feb 25, 2026                                          ·  Source: CISA_KEV                

CVSS v3

9.0

🔗 NVD Official

📄 Description (English)

Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability — Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, contain an authentication bypass vulnerability could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.

🤖 AI Executive Summary

Cisco Catalyst SD-WAN Controller and Manager contain a critical authentication bypass vulnerability allowing unauthenticated remote attackers to gain administrative privileges. Attackers can exploit improper peering authentication to access NETCONF and manipulate network configurations.

📄 Description (Arabic)

تحتوي أجهزة تحكم Cisco Catalyst SD-WAN على خلل في آلية المصادقة المتساوية يسمح للمهاجمين البعيدين بتجاوز المصادقة والحصول على امتيازات إدارية عالية. يمكن للمهاجم إرسال طلبات مصنوعة للوصول إلى حساب مستخدم داخلي عالي الامتياز والوصول إلى NETCONF لتعديل تكوينات الشبكة.

🤖 ملخص تنفيذي (AI)

تحتوي أجهزة تحكم وإدارة Cisco Catalyst SD-WAN على ثغرة حرجة في المصادقة تسمح للمهاجمين البعيدين غير المصرح لهم بالحصول على امتيازات إدارية. يمكن للمهاجمين استغلال آلية المصادقة المعيبة للوصول إلى NETCONF والتلاعب بتكوينات الشبكة.

🤖 AI Intelligence Analysis Analyzed: Apr 13, 2026 14:32

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

banking telecom energy government healthcare

🎯 MITRE ATT&CK Techniques

T1190 T1133 T1078 T1556

⚖️ Saudi Risk Score (AI)

9.0

/ 10.0

🔧 Remediation Steps (English)

Immediately apply Cisco security patches for Catalyst SD-WAN Controller and Manager. Implement network segmentation to restrict access to SD-WAN management interfaces. Deploy intrusion detection systems to monitor for exploitation attempts. Enforce strong authentication mechanisms and disable unnecessary peering protocols. Conduct immediate security audit of SD-WAN infrastructure.

🔧 خطوات المعالجة (العربية)

طبق فوراً تصحيحات أمان Cisco لأجهزة تحكم وإدارة Catalyst SD-WAN. نفذ تقسيم الشبكة لتقييد الوصول إلى واجهات إدارة SD-WAN. انشر أنظمة كشف الاختراق لمراقبة محاولات الاستغلال. فرض آليات مصادقة قوية وعطل البروتوكولات المتساوية غير الضرورية. أجر تدقيق أمان فوري لبنية SD-WAN.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1.1 5.1.2 5.2.1 5.3.1

🔵 SAMA CSF

AC-2 AC-3 AC-6 SI-6

🟡 ISO 27001:2022

A.9.2.1 A.9.2.5 A.9.4.3 A.13.1.1

🔗 References & Sources 0

No references.

📦 Affected Products / CPE 1 entries

Cisco:Catalyst SD-WAN Controller and Manager

📊 CVSS Score

9.0

/ 10.0 — Critical

📋 Quick Facts

Severity Critical

CVSS Score9.0

EPSS2.19%

Exploit ✓ Yes

Patch ✓ Yes

CISA KEV🇺🇸 Yes

KEV Due Date2026-02-27

Published 2026-02-25

Source Feed cisa_kev

🇸🇦 Saudi Risk Score

9.0

/ 10.0 — Saudi Risk

Priority: CRITICAL

🏷️ Tags

kev actively-exploited

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-20127

Join CISO Consulting

Introduce Yourself

Sign In Required