Cisco SD-WAN CVE-2026-20122: Mass Exploitation, Patch or Die

March 9, 2026March 9, 2026 ~ larshilse ~ Leave a comment

I had literally just wrapped up the Android zero-day write-up — another "patch your damn devices, yes right now" piece — and before I could finish my fourth coffee of the morning, Cisco drops the confirmation that two more vulnerabilities in Catalyst SD-WAN Manager are being actively exploited in the wild. Mass exploitation. Web shells … Continue reading Cisco SD-WAN CVE-2026-20122: Mass Exploitation, Patch or Die

Cisco SD-WAN CVSS 10.0 Zero-Day: Your Network’s Been Open Since 2023

February 27, 2026February 27, 2026 ~ larshilse ~ Leave a comment

Oh, for fuck's sake. Here we go again. So Cisco drops a zero-day advisory last week — CVE-2026-20127, CVSS score of 10.0. That's a perfect score, for those keeping track at home. A clean, beautiful, maximum-severity authentication bypass in the Cisco Catalyst SD-WAN Controller (that's the thing formerly known as vSmart, because Cisco loves renaming … Continue reading Cisco SD-WAN CVSS 10.0 Zero-Day: Your Network’s Been Open Since 2023