Threat Intelligence Report

Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities

📅 May 14, 2026 📰 blog.talosintelligence.com 🔍 4 CVE(s) referenced

Cisco Catalyst SD-WAN products are under active exploitation by multiple threat actors leveraging both newly discovered and previously patched vulnerabilities to gain unauthorized access, deploy webshells, steal credentials, and establish persistent footholds, underscoring the urgent need for immediate patching and enhanced monitoring.

vendor

CVE-2026-20122, CVE-2026-20128, CVE-2026-20133, CVE-2026-20182

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle