Cisco SD-WAN vulnerabilities (CVE-2026-20127, CVE-2022-20775) in active exploitation
ID: 7be1a636-13f3-56a4-b7dc-99af30132753
STIX ID: report--7be1a636-13f3-56a4-b7dc-99af30132753
Feed Name: Sophos Blogs
On February 25, 2026, CISA and the UK NCSC warned that two Cisco SD-WAN vulnerabilities are being actively exploited against federal networks: CVE-2026-20127, a remote authentication bypass enabling admin access, and CVE-2022-20775, a local privilege escalation. CISA issued an emergency directive, and vendors (including Cisco and Sophos) provided mitigations and detection rules.
