Serial number: AV26-166
Date: February 25, 2026
Updated: March 5, 2026
On February 25, 2026, Cisco published security advisories to address critical vulnerabilities in the following products:
- Cisco Catalyst SD-WAN Controller – multiple versions
- Cisco Catalyst SD-WAN Manager – multiple versions
- Cisco Nexus 3600 and 9500-R Switching Platform – multiple versions
- Cisco Nexus 9000 Series Fabric Switches – multiple versions
- Cisco UCS Software (UCS Manager Mode) – versions prior to 4.3(6e)
- Cisco UCS Software (Intersight Managed Mode) – versions prior to 4.3(6.260003)
Cisco has indicated that CVE-2026-20127 has been exploited.
Update 1
On February 25, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-20127 to their Known Exploited Vulnerabilities (KEV) Database.
Update 2
Cisco has indicated that CVE-2026-20128 and CVE-2026-20122 are being actively exploited.
The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested recommendations, and apply the necessary updates when available.
- Cisco Security Advisories
- Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
- Cisco Catalyst SD-WAN Vulnerabilities
- Cisco Nexus 3600 and 9500-R Series Switching Platforms Layer 2 Loop Denial of Service Vulnerability
- Cisco Nexus 9000 Series Fabric Switches in ACI Mode SNMP Denial of Service Vulnerability
- Cisco Nexus 9000 Series Fabric Switches in ACI Mode Denial of Service Vulnerability
- Cisco NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability
- CISA KEV : CVE-2026-20127