{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cisco-sdwan/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cisco-sdwan","vulnerability","exploitation","network"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCISA and its partners have observed malicious cyber actors targeting and compromising Cisco SD-WAN systems across various organizations globally. The attackers are leveraging CVE-2026-20127, an authentication bypass vulnerability, for initial access. Following successful exploitation of CVE-2026-20127, the attackers escalate privileges and establish long-term persistence within the compromised SD-WAN systems using CVE-2022-20775. In response to this active exploitation, CISA issued Emergency…\u003c/p\u003e\n","date_modified":"2026-02-25T12:00:00Z","date_published":"2026-02-25T12:00:00Z","id":"/briefs/2026-02-cisco-sdwan-vulns/","summary":"Malicious actors are actively exploiting CVE-2026-20127 for initial access and CVE-2022-20775 for privilege escalation and persistence on Cisco SD-WAN systems globally.","title":"Ongoing Exploitation of Cisco SD-WAN Systems","url":"https://feed.craftedsignal.io/briefs/2026-02-cisco-sdwan-vulns/"}],"language":"en","title":"CraftedSignal Threat Feed — Cisco-Sdwan","version":"https://jsonfeed.org/version/1.1"}