The Hacker News

Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access

Cisco warns CVE-2026-20127 (CVSS 10.0) in SD-WAN is exploited since 2023 to gain admin access; CISA adds it to KEV and mandates urgent fixes.
Network World

Cisco Security refresh: Cisco Security Manager 3.2

This Month Cisco added some blockbuster features to its GUI security software, Cisco Security Manager (CSM). In fact, a recent Network World test rated a previous version of Cisco Security Manager ...

Cisco: Attackers have been entering networks via security gap for three years

Attackers are exploiting a critical vulnerability in Cisco Catalyst SD-WAN Controller. Cisco is also patching other products ...
Bleeping Computer

Cisco fixes Security Manager vulnerabilities with public exploits

Cisco has released security updates to address multiple pre-authentication vulnerabilities with public exploits affecting Cisco Security Manager that could allow for remote code execution after ...
ZDNet

Cisco patches Security Manager flaw

Cisco has released an out-of-cycle patch for a vulnerability in its Security Manager product. The flaw lies in the way Security Manager — which configures firewalls, VPN and intrusion prevention ...

Critical Cisco SD-WAN bug exploited in zero-day attacks since 2023

Cisco is warning that a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN, tracked as CVE-2026-20127, was ...
Ars Technica

Vulnerability in Cisco Smart Software Manager lets attackers change any user password

Cisco on Wednesday disclosed a maximum-security vulnerability that allows remote threat actors with no authentication to change the password of any user, including those of administrators with ...