CVE-2026-20245 Cisco Catalyst SD-WAN Controller Authenticated Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system. This vulnerability is due to insufficient validation of user-supplied input...

Intelligent Detection and Mitigation of Carpet-Bombing DDoS Attacks in SDN Using Retrieval-Augmented Generation and Large Language Models

Software-Defined Networking SDN provides flexible and programmable network management; however, its centralized control architecture remains highly vulnerable to Distributed Denial-of-Service DDoS attacks, particularly Carpet-Bombing DDoS attacks that distribute malicious traffic across multiple...

CVE-2026-20210

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system. This vulnerability exists because of a failure to reda...

CISA and Partners Release Guidance for Ongoing Global Exploitation of Cisco SD-WAN Systems

Update May 14, 2026: CISA has updated this Alert to include additional vulnerabilities, CVE-2026-20133 and CVE-2026-20182 and associated resources. The purpose of this Alert is to provide resources for organizations with Cisco Software-Defined Wide-Area Networking SD-WAN systems, including Federa...

ClawGuard: Out-Of-Band Detection of LLM Agent Workflow Hijacking Via EM Side Channel

Autonomous LLM agents face a critical security risk known as workflow hijacking, where attackers subtly alter tool and skill invocations. Existing defenses rely on host-internal telemetry such as audit logs, which can be forged if the host OS is compromised. To solve this, we introduce ClawGuard,...

SDNGuardStack: An Explainable Ensemble Learning Framework for High-Accuracy Intrusion Detection in Software-Defined Networks

Software-Defined Networking SDN is another technology that has been developing in the last few years as a relevant technique to improve network programmability and administration. Nonetheless, its centralized design presents a major security issue, which requires effective intrusion detection...

Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability

Cisco Catalyst SD-WAN Manager contains an exposure of sensitive information to an unauthorized actor vulnerability that could allow remote attackers to view sensitive information on affected systems...

MLDAS: Machine Learning Dynamic Algorithm Selection for Software-Defined Networking Security

Network security is a critical concern in the digital landscape of today, with users demanding secure browsing experiences and protection of their personal data. This study explores the dynamic integration of Machine Learning ML algorithms with Software-Defined Networking SDN controllers to enhan...

Siemens APE1808 Exposure of Sensitive System Information to an Unauthorized Control Sphere (CVE-2025-4229)

An information disclosure vulnerability in the SD-WAN feature of Palo Alto Networks PAN-OS software enables an unauthorized user to view unencrypted data sent from the firewall through the SD-WAN interface. This requires the user to be able to intercept packets sent from the firewall. This plugin...

SDN-SYN PoW: Intent-Aware Adaptive SDN Defense with PoW against Multi-Domain SYN Floods

The stability of Internet services is persistently challenged by the escalating scale of volumetric TCP SYN floods, as conventional defenses like SYN Cookies fail by exacerbating bandwidth depletion under modern attacks. This paper introduces SDN-SYN PoW, a novel defense architecture that...

Exploit for Path Traversal in Cisco Catalyst_Sd-Wan_Manager

🦅 BlueFalconInk — CISA ED 26-03 Compliance Tracker Built by...

Cisco Catalyst SD-WAN Vulnerabilities (cisco-sa-sdwan-authbp-qwCX8D4v)

According to its self-reported version, Cisco SD-WAN Viptela Software is affected by multiple vulnerabilities. - A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has...

CVE-2026-20126

A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gain root privileges on the underlying operating system. This vulnerability is due to an insufficient user authentication mechanism in the REST API. An attacker could exploit this...

CVE-2026-20122

Cisco Catalyst SD-WAN Manager API vulnerability (CVE-2026-20122) affects the Cisco Catalyst SD-WAN Manager, including the Data Collection Agent service. The root cause is improper file handling and privileged API usage on the API interface, enabling an authenticated, remote attacker with valid re...

Safeguard: Security Controls at the Software Defined Network Layer

Improvements in software defined networking allow for policy to be informed and modified by data-driven applications that can adjust policy to accommodate fluctuating requirements at line speed. However, there is some concern that over-correction can occur and cause unintended consequences...

PoC_Software-Defined-Perimeter

PoC...

HPE EdgeConnect SD-WAN Orchestrator 安全漏洞

HPE EdgeConnect SD-WAN Orchestrator is a centralized SD-WAN management platform from HPE America. It provides complete visibility and control over the WAN. A security vulnerability exists in HPE EdgeConnect SD-WAN Orchestrator that stems from the presence of stored cross-site scripting in the web...

CVE-2025-1727

The protocol used for remote linking over RF for End-of-Train and Head-of-Train also known as a FRED relies on a BCH checksum for packet creation. It is possible to create these EoT and HoT packets with a software defined radio and issue brake control commands to the EoT device, disrupting...

Ecessa WANWorx WVR-30 跨站请求伪造漏洞

The Ecessa WANWorx WVR-30 is a software-defined WAN appliance from Ecessa Corporation, USA. A cross-site request forgery vulnerability exists in the Ecessa WANWorx WVR-30 versions prior to 10.7.4, which stems from susceptibility to a cross-site request forgery attack that could lead to the...

DeepGuard: Defending Deep Joint Source-Channel Coding against Eavesdropping at Physical-Layer

Deep joint source-channel coding DeepJSCC has emerged as a promising paradigm for efficient and robust information transmission. However, its intrinsic characteristics also pose new security challenges, notably an increased vulnerability to eavesdropping attacks. Existing studies on defending...