Cisco publishes security advisories (AV26-166) for critical vulnerabilities with active exploitation confirmed

Cisco published security advisories numbered AV26-166 on February 25, 2026. The advisories address critical vulnerabilities in several Cisco products including the Catalyst SD-WAN Controller and Manager in multiple versions. The advisories cover the Nexus 3600 and 9500-R Switching Platform as well as the Nexus 9000 Series Fabric Switches in multiple versions. They also address Cisco UCS Software in UCS Manager Mode for versions prior to 4.3(6e) and in Intersight Managed Mode for versions prior to 4.3(6.260003). Cisco has indicated that CVE-2026-20127 has been exploited. The Cybersecurity and Infrastructure Security Agency added CVE-2026-20127 to its Known Exploited Vulnerabilities Database on February 25, 2026. Cisco has indicated that CVE-2026-20128 and CVE-2026-20122 are being actively exploited. On April 20, 2026, the Cybersecurity and Infrastructure Security Agency added CVE-2026-20122, CVE-2026-20128, and CVE-2026-20133 to its Known Exploited Vulnerabilities Database. The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested recommendations, and apply the necessary updates when available.