Cisco confirmed active exploitation of two additional SD-WAN Manager vulnerabilities (CVE-2026-20122 and CVE-2026-20128) — bringing the total to four exploited Cisco SD-WAN flaws in eight days. The company also patched two maximum-severity (CVSS 10.0) Secure Firewall Management Center flaws enabling unauthenticated remote code execution as root. Hikvision and Rockwell Automation legacy vulnerabilities were added to the KEV catalog as actively exploited. The network management and OT layer is under simultaneous pressure across SD-WAN, firewall management, IP cameras, and industrial controllers.

Links & Resources

• https://thehackernews.com/2026/03/cisco-confirms-active-exploitation-of.html
• https://www.securityweek.com/cisco-warns-of-more-catalyst-sd-wan-flaws-exploited-in-the-wild/
• https://www.helpnetsecurity.com/2026/03/05/cisco-cve-2026-20128-cve-2026-20122-exploited/
• https://www.bleepingcomputer.com/news/security/cisco-flags-more-sd-wan-flaws-as-actively-exploited-in-attacks/
• https://securityaffairs.com/189056/security/cisco-flags-ongoing-exploitation-of-two-recently-patched-catalyst-sd-wan-flaws.html
• https://socradar.io/blog/cisco-catalyst-sd-wan-manager-cve-2026-20122/
• https://thehackernews.com/2026/02/cisco-sd-wan-zero-day-cve-2026-20127.html