Cisco

Vendor security scorecard – 272 CVEs in the selected period

Risk score: 1155
CVEs: 272
Critical: 22
High: 66
KEV-listed: 11
With public PoC: 12
Unpatched Critical/High: 87
Patch rate: 0.7%
Average EPSS: 0.5%

Severity Breakdown

CRITICAL: 22
HIGH: 66
MEDIUM: 182
LOW: 2

Monthly CVE Trend (chart; no data reproduced in the page text)

Top Risky CVEs

Fields per entry: CVE | Severity | CVSS | EPSS | Priority score | Signals (KEV = listed in CISA KEV, PoC = public proof of concept, No patch = no vendor fix recorded)

CVE-2025-20281 | CRITICAL | CVSS 10.0 | EPSS 30.4% | Priority 150 | Signals: KEV, PoC, No patch
  Cisco ISE and ISE-PIC contain a critical input injection vulnerability (CVE-2025-20281, CVSS 10.0) that allows unauthenticated remote attackers to execute arbitrary code as root on the underlying operating system. With EPSS 30.4% and KEV listing, this vulnerability targets the network access control platform that governs who and what can access the enterprise network — compromising ISE means controlling network admission for the entire organization.

CVE-2026-20131 | CRITICAL | CVSS 10.0 | EPSS 0.6% | Priority 141 | Signals: KEV, PoC, No patch
  Cisco Secure Firewall Management Center (FMC) contains a critical unauthenticated Java deserialization vulnerability (CVE-2026-20131, CVSS 10.0) in its web interface that enables remote code execution as root. KEV-listed with a public PoC, this vulnerability allows complete compromise of the central management platform that controls all Cisco firewalls in the organization, enabling attackers to modify security policies, disable protections, and access all network traffic.

CVE-2026-20182 | CRITICAL | CVSS 10.0 | EPSS 1.6% | Priority 127 | Signals: KEV, PoC, No patch
  Remote unauthenticated attackers can bypass peering authentication in Cisco Catalyst SD-WAN Controller (vSmart) and SD-WAN Manager (vManage) to obtain administrative privileges and manipulate network configurations across the entire SD-WAN fabric. This critical authentication bypass (CVSS 10.0) allows direct NETCONF access as a high-privileged internal user without any credentials. Cisco released fixes in May 2026 following discovery of this second authentication flaw after a February 2026 disclosure of a related vulnerability. No active exploitation was confirmed in CISA KEV at the time of analysis, though the maximum CVSS score and the authentication-bypass nature make this a priority patching target for SD-WAN deployments.

CVE-2026-20127 | CRITICAL | CVSS 10.0 | EPSS 2.6% | Priority 113 | Signals: KEV, PoC, No patch
  Cisco Catalyst SD-WAN Controller and Manager contain a critical authentication bypass (CVE-2026-20127, CVSS 10.0) in the peering authentication mechanism that allows unauthenticated remote attackers to obtain full administrative privileges. The vulnerability exists because peering authentication does not properly validate credentials, enabling any attacker with network access to take over the SD-WAN management plane and control the entire WAN fabric.

CVE-2026-20128 | HIGH | CVSS 7.5 | EPSS 0.0% | Priority 108 | Signals: KEV, PoC, No patch
  Privilege escalation in Cisco Catalyst SD-WAN Manager (versions prior to 20.18) enables authenticated local attackers with valid vmanage credentials to obtain Data Collection Agent (DCA) user privileges by reading an unprotected credential file from the filesystem. Confirmed actively exploited (CISA KEV) with publicly available exploit code despite a low EPSS score (0.02%), indicating targeted attacks rather than widespread scanning. The high-privilege initial access requirement (PR:H) and high attack complexity (AC:H) limit exploitability, but the scope change (S:C) enables lateral movement to other SD-WAN systems.

CVE-2026-20133 | MEDIUM | CVSS 6.5 | EPSS 0.0% | Priority 103 | Signals: KEV, PoC, No patch
  Insufficient filesystem access controls in Cisco Catalyst SD-WAN Manager expose sensitive operating system information to authenticated remote attackers through API access. An attacker with valid credentials can exploit this vulnerability to read confidential data from the underlying system without requiring user interaction. No patch is currently available for this medium-severity information disclosure vulnerability.

CVE-2026-20122 | MEDIUM | CVSS 5.4 | EPSS 0.0% | Priority 97 | Signals: KEV, PoC, No patch
  Cisco Catalyst SD-WAN Manager contains a vulnerability that allows attackers to overwrite arbitrary files on the affected system and gain vmanage user privileges (CVSS 5.4).

CVE-2026-20045 | HIGH | CVSS 8.2 | EPSS 1.0% | Priority 92 | Signals: KEV, No patch
  Cisco Unified Communications Manager and related products contain a code injection vulnerability (CVE-2026-20045) that allows unauthenticated remote attackers to execute arbitrary code. This KEV-listed vulnerability affects the core enterprise voice/video infrastructure, including Unified CM, IM&P, Unity Connection, and Webex Calling Dedicated Instance, making it a high-priority threat for organizations dependent on Cisco collaboration tools.

CVE-2025-20352 | HIGH | CVSS 7.7 | EPSS 2.0% | Priority 90 | Signals: KEV, No patch
  A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the following: An authenticated, remote attacker with low. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable with low attack complexity. Actively exploited in the wild (CISA KEV) and no vendor patch available.

CVE-2026-20079 | CRITICAL | CVSS 10.0 | EPSS 0.2% | Priority 90 | Signals: PoC, No patch
  Unauthenticated authentication bypass in the Cisco FMC web interface. CVSS 10.0.

CVE-2025-20282 | CRITICAL | CVSS 10.0 | EPSS 0.3% | Priority 50 | Signals: No patch
  CVE-2025-20282 is a critical remote code execution vulnerability in Cisco ISE and ISE-PIC that allows unauthenticated attackers to upload arbitrary files to privileged directories and execute them as root via an internal API lacking file validation. This is a CVSS 10.0 vulnerability with complete system compromise impact; organizations running affected Cisco ISE deployments face immediate risk of total infrastructure takeover without authentication requirements or user interaction.

CVE-2024-45208 | CRITICAL | CVSS 9.8 | EPSS 1.2% | Priority 50 | Signals: No patch
  Critical remote code execution vulnerability in the Versa Director SD-WAN orchestration platform affecting the Cisco NCS application service bound to TCP ports 4566 and 4570. An unauthenticated network attacker can exploit weak HA authentication mechanisms to gain unauthorized administrative access and execute arbitrary code, with CVSS 9.8 severity. While no active exploitation has been confirmed, third-party proof-of-concept code has been publicly disclosed, significantly elevating real-world risk.

CVE-2025-20309 | CRITICAL | CVSS 10.0 | EPSS 0.2% | Priority 50 | Signals: none recorded
  A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for the root account that are reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.

CVE-2026-20223 | CRITICAL | CVSS 10.0 | EPSS 0.0% | Priority 50 | Signals: No patch
  Authentication bypass in Cisco Secure Workload allows unauthenticated remote attackers to invoke internal REST API endpoints and act with Site Admin privileges across tenant boundaries. The flaw carries a maximum CVSS 10.0 score with a changed scope and full CIA impact, and no public exploit had been identified at the time of analysis. Successful exploitation enables reading sensitive tenant data and modifying configuration globally, making this a critical-priority issue for any organization running affected versions.

CVE-2026-20147 | CRITICAL | CVSS 9.9 | EPSS 0.2% | Priority 50 | Signals: No patch
  A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating
