PoC exploit surfaces for Cisco SD-WAN zero-day CVE-2026-20127 as agencies warn of active attacks

A public proof-of-concept exploit now circulates for CVE-2026-20127, a critical authentication bypass in Cisco Catalyst SD-WAN Controller and SD-WAN Manager. Cisco Talos says attackers have exploited the flaw in the wild and that the activity likely goes back at least three years, to 2023. Talos tracks the cluster as UAT-8616 and describes it as a […] The post PoC exploit surfaces for Cisco SD-WAN zero-day CVE-2026-20127 as agencies warn of active attacks appeared first on VPN Central.