Five Eyes issue emergency directive on exploited Cisco SD-WAN zero-day
Summary
The Five Eyes alliance issued an emergency directive regarding active exploitation of a zero-day vulnerability, CVE-2026-20127, in Cisco SD-WAN controllers. Threat actors are leveraging this flaw to gain unauthorized, administrative-level access to SD-WAN control systems, potentially manipulating network configurations and establishing persistent access.
IFF Assessment
FOE
Active exploitation of a zero-day vulnerability is bad news for defenders.
Severity
10.0
Critical
Defender Context
Defenders need to immediately patch affected Cisco Catalyst SD-WAN controllers. Successful exploitation could lead to significant network compromise and persistent access for attackers. Given the Five Eyes directive, this is likely a widespread and serious threat.