Cisco adds another SD-WAN box to max-severity bug advisory

Cisco updated a February security advisory, adding the Catalyst SD-WAN Validator to products affected by CVE-2026-20127. The maximum-severity improper authentication flaw grants attackers persistent root access. Cisco Talos attributed exploitation to group UAT-8616, active since at least 2023, targeting critical infrastructure.