Overview
Description
A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.
This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.
Statistics
- 16 Posts
- 3 Interactions
Last activity: 2 hours ago
Fediverse
Cisco Talos is tracking active exploitation of CVE-2026-20127 affecting Cisco Catalyst SD-WAN Controllers. Customers are strongly advised to review our latest threat advisory (https://cs.co/9001hs79z) and follow the published guidance (https://cs.co/9001hs7aL) to protect your environment.
Cisco SDWAN Controller vulnerability in the wild and at the network edge. CVE-2026-20127 by UAT-8616. Heads up. https://blog.talosintelligence.com/uat-8616-sd-wan/ #threatintelligence #cybersecurity #cisco
Bluesky
Cisco released emergency patches for a critical zero-day vulnerability (CVE-2026-20127) in Catalyst SD-WAN that allows unauthenticated remote attackers to bypass authentication and gain administrative privileges.
📢 Exploitation active de CVE-2026-20127 dans Cisco Catalyst SD‑WAN par l’acteur UAT‑8616
📝 Contexte: Cisco Talos signale une exploitation activ…
https://cyberveille.ch/posts/2026-02-26-exploitation-active-de-cve-2026-20127-dans-cisco-catalyst-sd-wan-par-lacteur-uat-8616/ #CVE_2026_20127 #Cyberveille
🛡️ Using BaseFortify? Add Cisco Catalyst SD-WAN Manager or Controller as a component and instantly see if you're vulnerable to CVE-2026-20127.
Clear risk insight. Practical mitigation guidance.
Stay ahead, not reactive.
#BaseFortify #VulnerabilityManagement #SMB #CyberDefense
🚨 NCSC warns of large-scale exploitation of critical Cisco SD-WAN flaw CVE-2026-20127 (CVSS 10.0). Actively exploited since 2023. Patch immediately.
Full breakdown & remediation steps:
basefortify.eu/posts/2026/0...
#CyberSecurity #Cisco #CVE #ZeroDay
A critical zero-day vulnerability in Cisco Catalyst SD-WAN (CVE-2026-20127) has been actively exploited since 2023, allowing attackers to compromise controllers and inject malicious peers into networks.
The vulnerability, tracked as CVE-2026-20127 (CVSS score: 10.0), allows an unauthenticated remote attacker to bypass authentication and obtain administrative privileges on an affected system by sending a crafted request. thehackernews.com/2026/02/ci...
📌 CVE-2026-20127 - A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly... https://www.cyberhub.blog/cves/CVE-2026-20127
⚠️ CISA added CVE-2026-20127 to its KEV catalog and issued ED 26-03 after active exploitation of Cisco Catalyst SD-WAN. An auth bypass lets unauthenticated attackers gain admin access and manipulate SD-WAN configs. Patch now. Modat Magnify Query: web.html~"Cisco SD-WAN" OR web.html~"Cisco Catalyst"
Cisco SD-WAN ゼロデイ脆弱性 CVE-2026-20127 が 2023 年から管理者アクセスに悪用される
Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access #HackerNews (Feb 26)
thehackernews.com/2026/02/cisc...
The latest update for #ArcticWolf includes "CVE-2026-20127: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability" and "Welcoming Sevco Security: Expanding the Aurora Platform with Visionary Exposure Management".
#cybersecurity #infosec #networks https://opsmtrs.com/2ZFbaTl
Five Eyes agencies warn: Cisco SD-WAN actively exploited by UAT-8616.
CVE-2026-20127 & CVE-2022-20775 enable root access, rogue peering & long-term persistence.
Immediate patching and threat hunting advised.
Is your SD-WAN environment hardened?
#CyberSecurity #Cisco #SDWAN #ThreatIntel #CISA
~Sophos~
CISA warns two Cisco SD-WAN vulnerabilities are actively exploited, allowing for authentication bypass and privilege escalation.
-
IOCs: CVE-2026-20127, CVE-2022-20775
-
#CVE202620127 #Cisco #ThreatIntel
Overview
- anthropics
- claude-code
03 Oct 2025
Published
03 Oct 2025
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.10%
KEV
Description
Claude Code is an agentic coding tool. Versions before 1.0.111 were vulnerable to Code Injection due to a bug in the startup trust dialog implementation. Claude Code could be tricked to execute code contained in a project before the user accepted the startup trust dialog. Exploiting this requires a user to start Claude Code in an untrusted directory. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version. This issue is fixed in version 1.0.111.
Statistics
- 3 Posts
- 17 Interactions
Last activity: 11 hours ago
Fediverse
Bluesky
📢 Vulnérabilités critiques dans Claude Code : exécution de code et vol de clés API via configurations de dépôt
📝 Selon Che…
https://cyberveille.ch/posts/2026-02-26-vulnerabilites-critiques-dans-claude-code-execution-de-code-et-vol-de-cles-api-via-configurations-de-depot/ #CVE_2025_59536 #Cyberveille
Overview
Description
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges.
This vulnerability is due to improper access controls on commands within the application CLI. An attacker could exploit this vulnerability by running a maliciously crafted command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF
Statistics
- 4 Posts
Last activity: 4 hours ago
Fediverse
Bluesky
🔎 The exploit bypasses authentication, grants admin access, downgrades the system, then escalates to root via CVE-2022-20775 — restoring the original version while keeping full control.
Internet-exposed SD-WAN management = highest risk.
#NetworkSecurity #ThreatIntel #SDWAN #Infosec
Five Eyes agencies warn: Cisco SD-WAN actively exploited by UAT-8616.
CVE-2026-20127 & CVE-2022-20775 enable root access, rogue peering & long-term persistence.
Immediate patching and threat hunting advised.
Is your SD-WAN environment hardened?
#CyberSecurity #Cisco #SDWAN #ThreatIntel #CISA
Description
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Statistics
- 2 Posts
- 10 Interactions
Last activity: 16 hours ago
Fediverse
Щли недели с публикации данных о CVE-2026-2441, а Яндекс до сих пор не выпустил патч для своего браузера.
Il fallait la trouver celle là !
Utiliser des CSS pour extraire des valeurs (par ex un token de protection contre les CSRF) !
https://www.sitepoint.com/zero-day-css-cve-2026-2441-security-vulnerability/
Overview
Description
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Statistics
- 3 Posts
Last activity: 10 hours ago
Fediverse
Bluesky
Critical RCE Vulnerability in Apache Log4j Exposed: How Attackers Exploit and How to Mitigate + Video
Introduction: The recent disclosure of a critical remote code execution (RCE) vulnerability in Apache Log4j (CVE-2021-44228), dubbed "Log4Shell," has sent shockwaves through the cybersecurity…
Overview
Description
In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege.
Statistics
- 1 Post
- 4 Interactions
Last activity: 13 hours ago
Fediverse
On a recent engagement, we exploited a previously disclosed privilege escalation bug in Tenable's Nessus Agent. No public PoC was available, so we made one; check it out here https://github.com/atredispartners/proof-of-concept/tree/main/cve-2025-36632
Overview
Description
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0.
Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
Statistics
- 1 Post
- 3 Interactions
Last activity: 7 hours ago
Fediverse
Veritasium covers the #xz compromise. This is well done. It starts off explaining open source. It explains encryption and compression. It explains software dependencies. It explains how the back door would have worked. Good watch.
#Backdoor #Veritasium #CVE #CVE20243094
https://youtu.be/aoag03mSuXQ
Overview
Description
Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. Attackers can send GET requests to category pages with malicious 'oz[]' values using time-based blind SQL injection payloads to extract sensitive database information.
Statistics
- 1 Post
- 2 Interactions
Last activity: 6 hours ago
Overview
Description
Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'ara' GET parameter. Attackers can send requests to with time-based SQL injection payloads to extract sensitive database information or cause denial of service.
Statistics
- 1 Post
- 1 Interaction
Last activity: 9 hours ago
Overview
- Web-ofisi
- Firma Rehberi
22 Feb 2026
Published
23 Feb 2026
Updated
CVSS v4.0
HIGH (8.8)
EPSS
0.07%
KEV
Description
Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests to with malicious payloads in the 'il', 'kat', or 'kelime' parameters to extract sensitive database information or perform time-based blind SQL injection attacks.
Statistics
- 1 Post
- 1 Interaction
Last activity: 9 hours ago