A “highly sophisticated” cyber threat actor has been exploiting a zero-day authentication bypass vulnerability (CVE-2026-20127) in Cisco Catalyst SD-WAN Controller (formerly vSmart), Cisco has announced today. The vulnerability was reported by Australian Signals Directorate’s Australian Cyber Security Centre, who said that once the vulnerability was exploited, “the malicious actors add[ed] a rogue peer, and eventually gain[ed] root access to establish long-term persistence in SD-WANs.” “This vulnerability exists because the peering authentication mechanism in an affected … More → The post Threat actor leveraged Cisco SD-WAN zero-day since 2023 (CVE-2026-20127) appeared first on Help Net Secu...