#nation-state

Three Years. CVSS 10.0. Your WAN Was Never Yours.

CVE-2026-20127 is a maximum-severity auth bypass in Cisco Catalyst SD-WAN that nation-state actors have been exploiting since 2023. Cisco disclosed it last week.