Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Software-defined networking (SD-WAN) has transformed enterprise infrastructure, enabling dynamic connectivity between sites with centralized management and control. But when the control plane itself becomes vulnerable, network integrity is no longer a given.

On February 25, 2026, Cisco released fixes for a maximum severity authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Cisco Catalyst SD-WAN Manager (formerly vManage), tracked as CVE-2026-20127. The flaw arises from a broken peering authentication mechanism in the control-plane authentication workflow. This vulnerability potentially allows a remote, unauthenticated threat actor to bypass authentication and obtain administrative privileges on an affected system.

CVE-2026-20127 is a critical authentication bypass vulnerability affecting Cisco Catalyst SD-WAN Controller (vSmart) and Cisco Catalyst SD-WAN Manager (vManage). The flaw stems from improper validation within the control plane and management plane authentication mechanisms, allowing a remote, unauthenticated attacker to submit crafted requests that bypass standard authentication controls. Successful exploitation results in access to the system as a high-privileged internal user account.

The Notepad++ incident is a reminder that the tools we use to build our businesses can also be used to break them.

OAuth is a commonly used authorisation framework, that allows websites and web applications to request limited access to a user’s account on another application. Users can grant this limited access to their account, without ever needing to expose their password with the requesting website or application. This is commonly seen with sites that allow you to log in with popular accounts such as a social media login, Microsoft or Google account.

CVE-2026-22769 is a hardcoded credential vulnerability affecting Dell RecoverPoint for VMs, a disaster recovery orchestration platform used to manage replication and failover of virtualized workloads. The issue stems from static authentication credentials embedded within a product component. Because these credentials are not uniquely generated per deployment and cannot be changed by administrators, they introduce a structural authentication weakness.

A newly disclosed vulnerability tracked as CVE-2026-25639 puts Node.js applications using Axios at risk of remote Denial-of-Service attacks. By sending a specially crafted configuration object, attackers can trigger a fatal runtime error inside Axios’s internal request handling logic, causing the Node.js process to crash instantly.