The Cybersecurity and Infrastructure Security Agency (CISA) has added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalogue this week. The additions emphasize an ongoing trend of attackers targeting network management infrastructure.
Among the newly added vulnerabilities are three critical flaws affecting Cisco Catalyst SD-WAN Manager: CVE-2026-20122, CVE-2026-20128, and CVE-2026-20133. These vulnerabilities are being actively exploited in the wild, allowing attackers to compromise network management planes. Federal Civilian Executive Branch (FCEB) agencies are mandated to patch these vulnerabilities by their respective due dates, but all organizations are strongly urged to prioritize mitigation.
How to check if you’re affected
- Scope: Organizations utilizing Cisco Catalyst SD-WAN Manager for their network infrastructure. Check your deployed versions against Cisco’s security advisories for CVE-2026-20122, CVE-2026-20128, and CVE-2026-20133.
- If your version matches the affected scope, you are vulnerable to active exploitation.
- Network administrators should immediately apply the corresponding software updates provided by Cisco.
- Review your network management interfaces to ensure they are not unnecessarily exposed to the public internet.