57
CVEs
3
Critical
35
High
4
KEV
6
PoC
24
Unpatched C/H
26.3%
Patch Rate
0.4%
Avg EPSS
Severity Breakdown
CRITICAL
3
HIGH
35
MEDIUM
19
LOW
0
Monthly CVE Trend
Affected Products (30)
Ios Xe
494
iOS
327
Nx Os
266
Adaptive Security Appliance Software
256
Firepower Threat Defense
215
Secure Firewall Management Center
176
Unified Communications Manager
172
Ios Xr
165
Identity Services Engine
146
Webex Meetings Server
132
Rv110W Firmware
132
Rv130W Firmware
131
Unified Computing System
100
Application Extension Platform
79
Prime Infrastructure
79
Rv215W Firmware
71
Wireless Lan Controller Software
68
Rv215W Wireless N Vpn Router Firmware
68
Anyconnect Secure Mobility Client
64
Catalyst Sd Wan Manager
63
Web Security Appliance
63
Rv130 Firmware
63
Rv130 Vpn Router Firmware
62
Webex Meetings
62
Webex Meetings Online
56
Firepower Extensible Operating System
56
Unity Connection
56
Data Center Network Manager
52
Rv325 Firmware
51
Open Redirect
51
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-20182 | Remote unauthenticated attackers can bypass peering authentication in Cisco Catalyst SD-WAN Controller (vSmart) and SD-WAN Manager (vManage) to obtain administrative privileges and manipulate network configurations across the entire SD-WAN fabric. This critical authentication bypass (CVSS 10.0) allows direct NETCONF access as a high-privileged internal user without any credentials. Cisco released fixes in May 2026 following discovery of this second authentication flaw after a February 2026 disclosure of a related vulnerability. No active exploitation confirmed in CISA KEV at time of analysis, though the maximum CVSS score and authentication bypass nature make this a priority patching target for SD-WAN deployments. | CRITICAL | 10.0 | 1.6% | 127 |
KEV
PoC
No patch
|
| CVE-2026-20245 | Local privilege escalation in Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) allows an authenticated netadmin user to execute arbitrary commands as root by uploading a crafted file through the CLI. Cisco has observed limited real-world exploitation that resulted in unauthorized configuration changes being pushed to downstream edge devices, though the issue is not currently listed in CISA KEV and no public exploit code has been identified at time of analysis. | HIGH | 7.8 | 0.1% | 114 |
KEV
PoC
No patch
|
| CVE-2026-20230 | Server-side request forgery in Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition allows remote unauthenticated attackers to write files to the underlying operating system via crafted HTTP requests, which Cisco notes can be leveraged to escalate to root. Cisco has assigned this a Critical Security Impact Rating despite the 8.6 CVSS score because of the root-escalation pathway. No public exploit identified at time of analysis, and exploitation requires the non-default WebDialer service to be enabled. | HIGH | 8.6 | 0.0% | 113 |
KEV
PoC
No patch
|
| CVE-2026-20262 | Arbitrary file write via path traversal in Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) allows an authenticated low-privileged attacker to create or overwrite any file on the underlying operating system by sending crafted HTTP requests to affected API endpoints. The vulnerability stems from insufficient validation of user-supplied input during the file upload process (CWE-22), and a successful exploit can serve as a reliable stepping stone to root-level privilege escalation on the management host. No public exploit has been identified at time of analysis, and the vulnerability is not currently listed in CISA KEV; however, the integrity impact combined with root escalation potential elevates real-world risk above the CVSS 6.5 Medium baseline. | MEDIUM | 6.5 | 1.7% | 109 |
KEV
PoC
No patch
|
| CVE-2022-46292 | HIGH | 7.8 | 0.8% | 60 |
PoC
|
|
| CVE-2026-20223 | Authentication bypass in Cisco Secure Workload allows unauthenticated remote attackers to invoke internal REST API endpoints and act with Site Admin privileges across tenant boundaries. The flaw carries a maximum CVSS 10.0 score with a changed scope and full CIA impact, and no public exploit has been identified at time of analysis. Successful exploitation enables reading sensitive tenant data and modifying configuration globally, making this a critical-priority issue for any organization running affected versions. | CRITICAL | 10.0 | 0.0% | 50 |
No patch
|
| CVE-2026-20181 | Authenticated remote command execution in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) allows administrators to run arbitrary OS commands and escalate to root via a crafted HTTP request. The flaw, tracked as CVE-2026-20181 and reported by Cisco with a CVSS 3.1 score of 9.1 (scope-changed), can also crash single-node deployments and deny network access to unauthenticated endpoints. There is no public exploit identified at time of analysis. | CRITICAL | 9.1 | 0.6% | 46 |
No patch
|
| CVE-2026-20034 | Remote code execution in Cisco Unity Connection allows authenticated remote attackers with low-privilege credentials to execute arbitrary code as root via crafted API requests to the web management interface. Successful exploitation enables complete device compromise. CVSS score of 8.8 reflects high impact across confidentiality, integrity, and availability, though exploitation requires valid user credentials (PR:L). No public exploit code or active exploitation confirmed at time of analysis. EPSS data not available in provided intelligence. | HIGH | 8.8 | 0.4% | 44 |
No patch
|
| CVE-2026-20150 | Privilege escalation via improper access control in Cisco RoomOS software allows an authenticated attacker with low-level privileges to gain full control over affected collaboration endpoints, with high impact to confidentiality, integrity, and availability. The issue was discovered internally by Cisco's RoomOS engineering team during a proactive security review and is one of several access-control weaknesses grouped under CVE-2026-20150 and resolved in a single hardening release. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV. | HIGH | 8.8 | – | 44 |
No patch
|
| CVE-2026-20224 | Remote file disclosure in Cisco Catalyst SD-WAN Manager allows unauthenticated attackers to read arbitrary system files via XML External Entity (XXE) injection in the web UI. The vulnerability affects the management interface with network-accessible attack vector, low complexity, and no required privileges (CVSS 8.6). Attackers can extract sensitive configuration files, credentials, and operational data from the SD-WAN management platform. EPSS data not provided; exploitation status unknown but the unauthenticated remote vector and publicly disclosed Cisco advisory elevate real-world risk for internet-exposed instances. | HIGH | 8.6 | 0.0% | 43 |
No patch
|
| CVE-2026-20156 | Memory-corruption vulnerabilities in Cisco RoomOS Software (the operating system on Cisco/Webex collaboration room endpoints) allow remote, unauthenticated attackers to trigger buffer-boundary violations that can compromise device confidentiality, integrity, and availability (CVSS 8.1). The flaws were internally discovered by Cisco's RoomOS engineering team during a proactive security review and are grouped under the CWE-119 buffer-error pillar; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV. High attack complexity (AC:H) reduces the practical ease of exploitation despite the network-facing, no-privilege vector. | HIGH | 8.1 | – | 40 |
No patch
|
| CVE-2022-46280 | HIGH | 7.8 | 0.8% | 40 |
|
|
| CVE-2022-43467 | HIGH | 7.8 | 0.8% | 40 |
|
|
| CVE-2022-46295 | HIGH | 7.8 | 0.8% | 40 |
|
|
| CVE-2022-46294 | HIGH | 7.8 | 0.8% | 40 |
|