According to CISA, the Known Exploited Vulnerabilities (KEV) Catalog currently lists one entry: Cisco Catalyst SD-WAN Controller and Manager, with CVE-2026-20127, described as an authentication bypass that could allow an unauthenticated, remote attacker to obtain administrative privileges. The page notes that the vulnerability exists because the peering authentication mechanism is not functioning properly, and exploitation could involve sending crafted requests to an affected system.
It also states that an attacker could log in as an internal, high-privileged, non-root user and access NETCONF to manipulate network configuration. The entry lists the vulnerability's use in ransomware campaigns as “Unknown”. Date Added is 25 February 2026 and Due Date is 27 February 2026, with mitigation instructions and related guidance linked to CISA directives and Cisco advisories. The KEV page provides formats for data access, including CSV and JSON, and urges readers to subscribe for updates.
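As an added example (not code from CISA or Cisco), the sketch below shows how a defender might triage the JSON form of the catalog against an asset inventory and track the remediation deadline. The sample record is constructed from the values quoted above using the KEV JSON field names; the inventory and the `triage` function are hypothetical.

```python
import json
from datetime import date

# Constructed sample in the KEV JSON layout; values are the ones quoted on this page.
SAMPLE_FEED = json.dumps({
    "vulnerabilities": [{
        "cveID": "CVE-2026-20127",
        "vendorProject": "Cisco",
        "product": "Catalyst SD-WAN Controller and Manager",
        "dateAdded": "2026-02-25",
        "dueDate": "2026-02-27",
        "knownRansomwareCampaignUse": "Unknown",
    }]
})

# Hypothetical asset inventory: (vendor, product keyword) pairs for deployed systems.
INVENTORY = [("cisco", "sd-wan"), ("examplevendor", "examplegateway")]


def triage(feed_text, inventory, today):
    """Return KEV entries that match the inventory, most urgent first."""
    findings = []
    for v in json.loads(feed_text).get("vulnerabilities", []):
        vendor = v.get("vendorProject", "").lower()
        product = v.get("product", "").lower()
        if not any(iv == vendor and kw in product for iv, kw in inventory):
            continue  # nothing deployed that matches this entry
        added = date.fromisoformat(v["dateAdded"])
        due = date.fromisoformat(v["dueDate"])
        days_left = (due - today).days
        findings.append({
            "cve": v["cveID"],
            "window_days": (due - added).days,  # time allowed between listing and due date
            "days_left": days_left,
            "status": "OVERDUE" if days_left < 0 else "DUE",
            # "Unknown" means unconfirmed; it is not evidence of no ransomware use.
            "ransomware_confirmed": v.get("knownRansomwareCampaignUse") == "Known",
        })
    return sorted(findings, key=lambda f: f["days_left"])


if __name__ == "__main__":
    for finding in triage(SAMPLE_FEED, INVENTORY, date(2026, 2, 26)):
        print(finding)
```

The two-day window between Date Added and Due Date is what `window_days` surfaces, which is the figure that drives scheduling for this entry.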