{"vulnerability": "cve-2026-20128", "sightings": [{"uuid": "20bf2f00-3406-4646-9910-46f596ab7b40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mgfcv6epdc23", "content": "", "creation_timestamp": "2026-03-06T12:30:03.374128Z"}, {"uuid": "9f48c7bd-d852-4d59-aebe-b30f120106d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mgbcwkndfq2q", "content": "", "creation_timestamp": "2026-03-04T22:20:10.368084Z"}, {"uuid": "7f6ced43-9335-4df8-b45e-75d43ee3b193", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "https://www.cert.at/de/warnungen/2026/2/kritische-sicherheitslucken-in-cisco-catalyst-sd-wan-aktiv-ausgenutzt-updates-verfugbar", "content": "", "creation_timestamp": "2026-02-26T11:58:53.000000Z"}, {"uuid": "55c966b1-c3bf-43f0-af0a-73bad23d2fc3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "https://bsky.app/profile/e-kiledjian.bsky.social/post/3mgcr5jawyk2x", "content": "", "creation_timestamp": "2026-03-05T12:07:17.441553Z"}, {"uuid": "a78aa9ac-cc84-4b01-956d-5a451b35ac43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-08)", "content": "", "creation_timestamp": "2026-03-08T00:00:00.000000Z"}, {"uuid": "4ec1fd7d-eafe-4a82-a3ec-bf4baaa7af25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2026-0071", "content": "", "creation_timestamp": "2026-03-06T11:07:02.000000Z"}, {"uuid": "ed87dfd4-6ae3-4d9a-b9f2-adcf2260abf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mgik6iv3ac23", "content": "", "creation_timestamp": "2026-03-07T19:18:31.561673Z"}, {"uuid": "65c171f5-945b-4cec-9618-8acce5ec20a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "https://infosec.exchange/users/edwardk/statuses/116176479912988309", "content": "", "creation_timestamp": "2026-03-05T12:06:41.335310Z"}, {"uuid": "c08f9fbf-3e7a-4ded-9733-60e7e52a13ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-09)", "content": "", "creation_timestamp": "2026-03-09T00:00:00.000000Z"}, {"uuid": "1d6991ed-84f5-4b73-afd5-add63b7e9af6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "https://bsky.app/profile/shiojiri.com/post/3mgepk4y3yk2h", "content": "", "creation_timestamp": "2026-03-06T06:43:53.998274Z"}, {"uuid": "2f231039-aeee-4963-bba8-99d60b2924e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "https://threatintel.cc/2026/03/05/cisco-flags-more-sdwan-flaws.html", "content": "", "creation_timestamp": "2026-03-05T11:06:47.000000Z"}, {"uuid": "71ad014e-37f0-4e9c-8496-2caf48252a30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-07)", "content": "", "creation_timestamp": "2026-03-07T00:00:00.000000Z"}, {"uuid": "cbb7ac3a-25db-4ce7-a844-2ead19d5dde8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "https://bsky.app/profile/hack4career.com/post/3mgfjdl24bc25", "content": "", "creation_timestamp": "2026-03-06T14:25:28.093813Z"}, {"uuid": "fe3ddf05-4ce9-4262-9a36-96d26b9ae234", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-06)", "content": "", "creation_timestamp": "2026-03-06T00:00:00.000000Z"}, {"uuid": "bc3c9180-b69f-4bf9-ab61-01b172458be5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "https://bsky.app/profile/ehcgroup.bsky.social/post/3mgfvck6wfs26", "content": "", "creation_timestamp": "2026-03-06T17:59:40.361401Z"}, {"uuid": "9cb4d656-6180-4beb-b4d1-aa1ee9205f5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "https://bsky.app/profile/thedailytechfeed.com/post/3mgft3sath72m", "content": "", "creation_timestamp": "2026-03-06T17:20:05.198636Z"}, {"uuid": "cf5d02ea-7edf-4f7f-894e-a49fc6a2c0bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "https://bsky.app/profile/sctocs.bsky.social/post/3mgfvn535zs2t", "content": "", "creation_timestamp": "2026-03-06T18:05:43.036120Z"}, {"uuid": "ec97b2f5-b862-472a-84b5-b30edec44715", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "https://bsky.app/profile/solidot.bsky.social/post/3mgd7vksqzs2o", "content": "", "creation_timestamp": "2026-03-05T16:31:14.640525Z"}, {"uuid": "6c401869-561e-4e41-96c3-d91d2d68852d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mgg7kcsqtw2q", "content": "", "creation_timestamp": "2026-03-06T21:03:00.389389Z"}, {"uuid": "a51ab98c-d446-4902-adc9-ec98cf405778", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "https://bsky.app/profile/firstpasslab.bsky.social/post/3mgdfudtaec2t", "content": "", "creation_timestamp": "2026-03-05T18:17:57.005069Z"}, {"uuid": "58869f9c-6934-43e9-825d-eab4728fa8af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/kriittisia-haavoittuvuuksia-cisco-catalyst-sd-wan-tuotteissa", "content": "", "creation_timestamp": "2026-02-25T18:43:06.000000Z"}, {"uuid": "dccd7b6b-69a5-4f6e-be97-77d9b2fe4878", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20128", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-06)", "content": "", "creation_timestamp": "2026-03-06T00:00:00.000000Z"}, {"uuid": "53009f4c-2b91-4f69-a6e6-dd803edd01eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mfp5rtagrx26", "content": "", "creation_timestamp": "2026-02-25T17:00:08.671305Z"}, {"uuid": "c3f74f7b-7221-4f7e-987a-032f69438a5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-10)", "content": "", "creation_timestamp": "2026-03-10T00:00:00.000000Z"}, {"uuid": "188ba8c7-2a8e-4551-a8d4-08518bd30cb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mfp7zskmoa2x", "content": "", "creation_timestamp": "2026-02-25T17:40:22.758773Z"}, {"uuid": "f828cccb-1613-48e3-9aea-180ec28633b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mfpa2lptbi2x", "content": "", "creation_timestamp": "2026-02-25T17:40:49.070186Z"}, {"uuid": "e6ff67f8-e4bb-44f4-a352-4f4c1e24cc41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20128", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-19)", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "3fd13e7f-3ed3-402e-92e4-530d64f57ad9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-20)", "content": "", "creation_timestamp": "2026-03-20T00:00:00.000000Z"}, {"uuid": "3972d397-6fa0-49a9-b803-c1cdeb3efdf4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "https://infosec.exchange/users/AAKL/statuses/116250849364616830", "content": "", "creation_timestamp": "2026-03-18T15:19:49.502256Z"}, {"uuid": "570429fa-77bc-43ff-a62c-116e117408cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "https://cyber.gc.ca/en/alerts-advisories/cisco-security-advisory-av26-166", "content": "", "creation_timestamp": "2026-02-25T20:03:01.000000Z"}, {"uuid": "41e5bbf9-a752-4209-94c6-0fcd3645855f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "https://www.acn.gov.it/portale/w/rilevato-sfruttamento-di-vulnerabilita-in-prodotti-cisco", "content": "", "creation_timestamp": "2026-02-25T17:29:05.000000Z"}, {"uuid": "e013d363-ca1b-43aa-8db5-d502a4d52a54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/actualite/CERTFR-2026-ACT-010/", "content": "", "creation_timestamp": "2026-03-09T00:00:00.000000Z"}, {"uuid": "1e2b998e-b9d8-44eb-949e-9948da176f76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "https://www.ncsc.nl/alerts/actief-misbruik-van-kwetsbaarheden-in-cisco-producten", "content": "", "creation_timestamp": "2026-03-06T15:20:00.000000Z"}, {"uuid": "dcac2404-b7a9-464e-b436-781894a19bff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/b24f0b20-207c-4881-af91-eb1d15b224ba", "content": "", "creation_timestamp": "2026-02-25T16:34:22.000000Z"}, {"uuid": "ba4b1084-df4c-49ee-8852-5b9da788464c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "https://www.cert.si/si-cert-2026-01/", "content": "", "creation_timestamp": "2026-02-25T19:26:43.000000Z"}, {"uuid": "8d2e75f8-0a03-4de7-a572-6642f90053e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-19)", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "50a34af1-b5ab-4dde-a549-e8290b12b6eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "https://www.cert.se/2026/02/kritisk-nolldagssarbarhet-i-cisco-catalyst-sd-wan.html", "content": "", "creation_timestamp": "2026-02-26T07:45:00.000000Z"}, {"uuid": "1e1ae5ae-3e2d-4b26-9faf-5995db7e8ccd", "vulnerability_lookup_origin": "405284c2-e461-4670-8979-7fd2c9755a60", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2026-20128", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/9ef4bbca-93a6-4add-bce2-2196e27c7ec5", "content": "", "creation_timestamp": "2026-04-20T20:00:03.483374Z"}, {"uuid": "7932c93b-439f-4bd7-914b-14f3743683e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "https://infosec.exchange/users/AAKL/statuses/116449675412278045", "content": "", "creation_timestamp": "2026-04-22T18:03:54.406119Z"}, {"uuid": "959a6831-54b9-4e44-91ed-e5f08688f8fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "https://ccb.belgium.be/advisories/warning-multiple-critical-vulnerabilities-several-cisco-products-including-cisco-secure", "content": "", "creation_timestamp": "2026-04-21T06:56:53.000000Z"}, {"uuid": "91358124-5342-4835-b45c-16736e4f7a39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20128", "type": "exploited", "source": "https://t.me/thehackernews/8543", "content": "\u26a0\ufe0f Cisco confirms active exploitation of two Catalyst SD-WAN Manager flaws.\n\n\u25b6 CVE-2026-20122 enables arbitrary file overwrite via API credentials.\n\u25b6CVE-2026-20128 can expose data and grant DCA privileges after login.\n\n\ud83d\udd17 Read \u2192 https://thehackernews.com/2026/03/cisco-confirms-active-exploitation-of.html\n\nPatches are out across multiple releases.", "creation_timestamp": "2026-03-05T15:23:45.000000Z"}, {"uuid": "c23c0113-8d7e-46a3-85c4-8393ead78e44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "https://cyber.gc.ca/en/alerts-advisories/al26-012-critical-vulnerability-affecting-cisco-catalyst-sd-wan-cve-2026-20182", "content": "", "creation_timestamp": "2026-05-15T06:03:19.000000Z"}, {"uuid": "85a734d4-046e-4b29-9834-0a038487d72c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20128", "type": "exploited", "source": "https://t.me/true_secator/7969", "content": "Cisco \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0430\u0435\u0442 \u043e \u043d\u0430\u0447\u0430\u043b\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u0432\u043e\u043b\u043d\u044b \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0434\u0432\u0443\u0445 \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 Catalyst SD-WAN \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445.\n\n25 \u0444\u0435\u0432\u0440\u0430\u043b\u044f \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u0443\u0432\u0435\u0434\u043e\u043c\u0438\u043b \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043e \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 \u0434\u043b\u044f\u00a0\u043f\u044f\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 Catalyst SD-WAN, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u043c \u0438 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0434\u043e \u0443\u0440\u043e\u0432\u043d\u044f root.\u00a0\n\n\u041f\u043e \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044e \u043d\u0430 5 \u043c\u0430\u0440\u0442\u0430 Cisco \u043e\u0431\u043d\u043e\u0432\u0438\u043b\u0430 \u0441\u0432\u043e\u0435 \u0438\u0437\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0435 \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u0435, \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u0432 \u043e \u0442\u043e\u043c, \u0447\u0442\u043e \u0435\u0439 \u0441\u0442\u0430\u043b\u043e \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e \u043e\u0431 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0434\u0432\u0443\u0445 \u0438\u0437 \u043f\u044f\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439: CVE-2026-20128 \u0438 CVE-2026-20122.\n\n\u041f\u0435\u0440\u0432\u0430\u044f, CVE-2026-20128, - \u044d\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0430\u044f \u043a \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0430\u044f \u0444\u0443\u043d\u043a\u0446\u0438\u044e \u0430\u0433\u0435\u043d\u0442\u0430 \u0441\u0431\u043e\u0440\u0430 \u0434\u0430\u043d\u043d\u044b\u0445 (DCA) \u0432 Catalyst SD-WAN Manager. \u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u0430\u0432\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f DCA \u0432 \u0446\u0435\u043b\u0435\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435.\n\n\u0414\u0440\u0443\u0433\u0430\u044f, CVE-2026-20122, \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u044d\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0443\u044e API Catalyst SD-WAN Manager. \u041e\u043d\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u043c\u0443 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0438 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u043d\u044b\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438.\n\n\u0412 Cisco \u043f\u043e\u043a\u0430 \u043d\u0435 \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u0438\u043b\u0438 \u043d\u0438\u043a\u0430\u043a\u0438\u0445 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0435\u0439 \u043e\u0431 \u0430\u0442\u0430\u043a\u0430\u0445, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 \u044d\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043d\u043e \u0432 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0438 \u0443\u043a\u0430\u0437\u0430\u043d\u043e, \u0447\u0442\u043e \u043e\u043d\u0438 \u0431\u044b\u043b\u0438 \u043e\u0431\u044a\u0435\u0434\u0438\u043d\u0435\u043d\u044b \u0441 \u0434\u0440\u0443\u0433\u0438\u043c\u0438 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438.\n\n\u041d\u043e \u0441\u0442\u043e\u0438\u0442 \u043e\u0442\u043c\u0435\u0442\u0438\u0442\u044c, \u0447\u0442\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0441\u0442\u0430\u0442\u0443\u0441\u0430 \u043f\u0440\u043e\u0438\u0437\u043e\u0448\u043b\u043e \u043f\u0440\u0438\u043c\u0435\u0440\u043d\u043e \u0447\u0435\u0440\u0435\u0437 \u043d\u0435\u0434\u0435\u043b\u044e \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a Cisco \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0430 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432 \u043e\u0431 \u0430\u0442\u0430\u043a\u0430\u0445 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439\u00a00-day, \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0435\u0439 Catalyst SD-WAN.\n\nCVE-2026-20127 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0445 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u043c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435.\n\n\u0422\u043e\u0433\u0434\u0430 CISA \u0441\u043e\u043e\u0431\u0449\u0430\u043b\u0430, \u0447\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u044a\u0435\u0434\u0438\u043d\u044f\u043b\u0430\u0441\u044c \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u0441 \u0431\u043e\u043b\u0435\u0435 \u0441\u0442\u0430\u0440\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e Catalyst, CVE-2022-20775, \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0438 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u043e\u0433\u043e \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u0432 \u0446\u0435\u043b\u0435\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435.\n\nCisco Talos \u0441\u0432\u044f\u0437\u0430\u043b\u0430 \u044d\u0442\u0438 \u0430\u0442\u0430\u043a\u0438 \u0441 UAT-8616, \u043f\u0440\u043e\u0434\u0432\u0438\u043d\u0443\u0442\u044b\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u043c \u043a\u0430\u043a \u043c\u0438\u043d\u0438\u043c\u0443\u043c \u0441 2023 \u0433\u043e\u0434\u0430.\u00a0\u041d\u043e \u043d\u0435\u044f\u0441\u043d\u043e, \u0431\u044b\u043b\u0438 \u043b\u0438 \u0432\u0441\u0435 \u044d\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Catalyst SD-WAN \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0432 \u043e\u0434\u043d\u043e\u0439 \u0438\u043b\u0438 \u0440\u0430\u0437\u043d\u044b\u0445 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044f\u0445.\u00a0\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, Cisco \u0442\u0430\u043a\u0436\u0435 \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u0434\u0435\u0442\u0435\u043a\u0442\u0438\u043b\u0430 \u0430\u0442\u0430\u043a\u0438 \u0441 \u043d\u0443\u043b\u044f\u043c\u0438,\u00a0\u043f\u0440\u043e\u0432\u043e\u0434\u0438\u043c\u044b\u043c\u0438 \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u043e\u0439 APT, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u043e\u0439 \u043a\u0430\u043a UAT-9686. \u0412 \u043e\u0431\u0449\u0435\u043c, \u0431\u0443\u0434\u0435\u043c \u0441\u043b\u0435\u0434\u0438\u0442\u044c.", "creation_timestamp": "2026-03-05T17:00:08.000000Z"}, {"uuid": "72dbc48d-046f-4e7c-9734-ed427206ed3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20128", "type": "exploited", "source": "https://t.me/cKure/16043", "content": "\u25a0\u25a0\u25a1\u25a1\u25a1 \u26a0\ufe0f Cisco confirms active exploitation of two Catalyst SD-WAN Manager flaws.\n\n\u25b6 CVE-2026-20122 enables arbitrary file overwrite via API credentials.\n\u25b6CVE-2026-20128 can expose data and grant DCA privileges after login.\n https://thehackernews.com/2026/03/cisco-confirms-active-exploitation-of.html", "creation_timestamp": "2026-03-05T20:45:14.000000Z"}, {"uuid": "c7053533-c75c-4a95-92ee-7263675c6f71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20128", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mkevo53epc2s", "content": "", "creation_timestamp": "2026-04-26T06:14:16.878002Z"}]}