ACCORDING to CISA, the Known Exploited Vulnerabilities (KEV) catalog currently lists Cisco SD-WAN as a single entry: CVE-2022-20775, described as a Cisco SD-WAN Path Traversal Vulnerability that could allow an authenticated local attacker to gain elevated privileges via improper access controls on commands within the application CLI, potentially enabling arbitrary commands as the root user.
The entry notes that it is related to CWE-25 and CWE-282, and states that it is Unknown whether it has been used in ransomware campaigns. Date Added is 25 February 2026, with a Due Date of 27 February 2026, and the entry includes CISA mitigation instructions and several guidance links for hunting, hardening, and vendor support. The page also directs readers to CISA’s directives and to NVD for CVE-2022-20775, emphasising that organisations should assess exposure and mitigate risks as outlined.
This KEV listing forms part of CISA’s effort to help organisations prioritise vulnerability management and stay informed about vulnerabilities exploited in the wild.