Summarize with:

Share
Cisco updated an advisory to confirm active exploitation of two vulnerabilities affecting Catalyst SD-WAN Manager (formerly vManage), the centralized management plane used to administer large SD-WAN deployments. When a management plane is compromised, attackers can often pivot into the wider network and persist.
Cisco says it has observed active exploitation of:
Cisco also notes these issues impact Catalyst SD-WAN Manager regardless of configuration and recommends upgrading to fixed releases.
Even when exploitation requires credentials, real-world compromise paths are common: credential reuse, stolen VPN creds, infostealers, leaked API keys, or low-privilege access from another foothold.
For organizations running SD-WAN at scale, the management plane is a high-value target because it can:
BleepingComputer — Cisco flags more SD-WAN flaws as actively exploited in attacks (March 2026): https://www.bleepingcomputer.com/news/security/cisco-flags-more-sd-wan-flaws-as-actively-exploited-in-attacks/
Note: This post is a summary for security teams. Always follow the vendor advisory for the authoritative upgrade matrix.
Written by
Research
A DevOps engineer and cybersecurity enthusiast with a passion for uncovering the latest in zero-day exploits, automation, and emerging tech. I write to share real-world insights from the trenches of IT and security, aiming to make complex topics more accessible and actionable. Whether I’m building tools, tracking threat actors, or experimenting with AI workflows, I’m always exploring new ways to stay one step ahead in today’s fast-moving digital landscape.
Get the latest cybersecurity insights in your inbox.
vulnerabilityGitea Docker flaw turns a trusted proxy header into account takeover Gitea has fixed a critical authentication bypass in its official Docker images that could l...
vulnerabilityU-Boot FIT signature flaws expose a fragile pre-OS trust boundary Firmware security company Binarly has disclosed six vulnerabilities in U-Boot's FIT signature...
vulnerabilityMicrosoft Defender RoguePlanet fix closes a SYSTEM-level escalation path Microsoft has released a fix for CVE-2026-50656, the Microsoft Defender vulnerability p...