How to find Cisco Catalyst SD-WAN installations on your network

Cisco disclosed a critical vulnerability (CVE-2026-20127) in Catalyst SD-WAN Controller (vSmart) and Manager (vManage) where crafted requests can bypass peering authentication, granting remote unauthenticated attackers administrative access and NETCONF control over the SD‑WAN fabric. The flaw is rated CVSS 10.0, is reported to be actively exploited, affects multiple on‑prem and Cisco‑hosted releases, and Cisco has published fixed versions and upgrade guidance to mitigate the issue.