CISA flags new SD-WAN flaw as actively exploited in attacks

Published:

21 april 2026 om 12:30:50

Alert date:

21 april 2026 om 13:01:02

Source:

bleepingcomputer.com

Network Infrastructure, Zero-Day Vulnerabilities, Critical Infrastructure

CISA has issued an urgent directive requiring U.S. government agencies to secure their systems within four days against a Catalyst SD-WAN Manager vulnerability that is being actively exploited in attacks. The vulnerability affects SD-WAN infrastructure and poses significant risk to government networks. CISA's rapid response indicates the severity and active nature of the threat. Organizations using Catalyst SD-WAN Manager should prioritize patching immediately. The exploit is being used in real-world attacks against critical infrastructure.

Technical details

Information disclosure vulnerability in Catalyst SD-WAN Manager (formerly vManage) due to insufficient file system access restrictions. Unauthenticated remote attackers can access sensitive information by accessing the API of affected systems, allowing them to read sensitive information on the underlying operating system.

Mitigation steps:

Federal agencies must patch systems by Friday, April 24. Follow CISA's Emergency Directive 26-03 guidelines to assess exposure and mitigate risks. Use CISA's Hunt & Hardening Guidance for Cisco SD-WAN Devices. Apply applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

Affected products:

Cisco Catalyst SD-WAN Manager (formerly vManage)
Cisco SD-WAN devices
Cisco Secure Firewall Management Center (FMC)

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.