Cisco Catalyst SD-WAN Manager Bug Exploited, New CVE Identified


CISA Adds Eight New Vulnerabilities to Its Known Exploited Vulnerabilities Catalog

The Cybersecurity and Infrastructure Security Agency (CISA) has added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

New Vulnerabilities

  • CVE-2026-20133: A critical bug in Cisco’s Catalyst SD-WAN Manager that has been exploited in the wild.
  • CVE-2023-27351: A vulnerability in PaperCut NG/MF exploited by the Lace Tempest group, an affiliate of the Clop ransomware operation, since early 2023.
  • CVE-2024-27199: A flaw in JetBrains TeamCity leveraged by attackers since early 2024.
  • CVE-2025-2749: A vulnerability in Kentico Xperience with no reported instances of exploitation.
  • CVE-2025-32975: A bug affecting Quest KACE Systems Management Appliances observed by Arctic Wolf in customer environments in March 2026.
  • CVE-2025-48700: A zero-click cross-site scripting vulnerability in Synacor’s Zimbra Collaboration Suite exploited since late September 2025 by the State Special Communications Service of Ukraine.
  • CVE-2026-20122: A vulnerability in Cisco’s SD-WAN Manager confirmed to be used in attacks.
  • CVE-2026-20128: A vulnerability in Cisco’s SD-WAN Manager confirmed to be used in attacks.

According to CISA, all US federal civilian agencies are mandated to address these eight vulnerabilities by April 20, 2026.

CISA has emphasized the importance of addressing these vulnerabilities to prevent potential exploitation and ensure the security of sensitive information.


