VulnCheck: Threat of high-severity Cisco SD-WAN bug potentially missed | brief | SC Media - SC Media

Cybersecurity Dive reports that organizations' security teams may be disregarding remediation of the high-severity Cisco Catalyst SD-WAN vulnerability, tracked as CVE-2026-20133, after warnings that only emphasized the targeting of the zero-day, tracked as CVE-2026-20127. Intrusions aimed at CVE-2026-20133, which is associated with inadequate file system access restrictions, may be a more pressing threat, according to an analysis from VulnCheck. Researchers found that ZeroZenX Labs' proof-of-concept for CVE-2026-20127 did not affect the said flaw but other bugs, including CVE-2026-20133, CVE-2026-20128, and CVE-2026-20122. "The security community may be focusing too narrowly on CVE-2026-20127, while other SD-WAN vulnerabilities may also present notable risk and could be overlooked due to misattributed PoC exploits and incomplete detections," said VulnCheck Vice President of Security Research Caitlin Condon. Such multi-pronged targeting of vulnerable Cisco SD-WAN devices was confirmed by Defused researchers. "So from that sense our data supports VulnCheck's framing: 20127 is generating enormous automated noise with a widely circulated PoC, while 20133 activity, if present, has a far quieter footprint," said Defused founder and CEO Simo Kohonen.