Affected Vendors This Week
- Cisco: 15 CVEs (2 critical, 8 high, 5 medium)
- Zyxel: 7 CVEs (1 critical, 1 high, 5 medium)
- Linksys: 1 CVE (medium)
This week brought 23 new router and network device vulnerabilities, including three critical issues that demand immediate attention. SD-WAN infrastructure and edge routing devices are the primary targets, with Cisco's SD-WAN platform and Zyxel's enterprise gateways showing the most severe exposure.
Critical Vulnerabilities
Cisco SD-WAN Authentication Bypass (CVE-2026-20127, CVSS 10.0) tops this week's list as a perfect-score vulnerability affecting the Catalyst SD-WAN Controller and SD-WAN Manager. An unauthenticated attacker can exploit a flaw in peering authentication to gain unauthorized access. This is a network-level threat that could compromise entire SD-WAN deployments. Patch immediately.
Cisco SD-WAN API Authentication Bypass (CVE-2026-20129, CVSS 9.8) allows unauthenticated remote attackers to gain administrative access to Catalyst SD-WAN Manager through the API user authentication mechanism. This enables complete system takeover with netadmin privileges. Organizations running SD-WAN should treat this with the same urgency as CVE-2026-20127.
Zyxel EX3510-B0 UPnP Command Injection (CVE-2025-13942, CVSS 9.8) affects enterprise access points and edge routers. The vulnerability allows unauthenticated remote command execution via the UPnP function in firmware versions through 5.17(ABUP.15.1)C0. Zyxel users managing EX3510-B0 devices should upgrade firmware immediately.
High-Severity Issues Requiring Prompt Action
Beyond the three critical flaws, eight high-severity vulnerabilities warrant urgent patching:
- CVE-2026-20126 (CVSS 8.8): Cisco SD-WAN Manager privilege escalation allowing low-privilege local users to gain root access
- CVE-2025-13943 (CVSS 8.8): Zyxel EX3301-T0 post-authentication command injection in log file download (versions through 5.50(ABVY.7)C0)
- CVE-2026-20048 (CVSS 7.7): Cisco Nexus 9000 Series ACI mode SNMP denial of service
- CVE-2026-20128 (CVSS 7.5): Cisco SD-WAN Manager Data Collection Agent privilege escalation
- CVE-2026-20051, CVE-2026-20010, CVE-2026-20033 (CVSS 7.4): Multiple Cisco Nexus platform vulnerabilities affecting EVPN, LLDP, and ACI mode
- CVE-2026-1459 (CVSS 7.2): Zyxel VMG3625-T50B TR-369 certificate download command injection
Cisco's SD-WAN platform is heavily targeted this week with multiple authentication and privilege escalation paths. Organizations with distributed SD-WAN deployments should prioritize Catalyst SD-WAN Manager and Controller updates in their patching schedule.
Medium-Severity Issues
Five medium-severity vulnerabilities round out Zyxel's release, including null pointer dereference issues in the VMG3625-T50B affecting Wake-on-LAN, IP settings, account settings, and certificate downloader CGI programs (CVE-2025-11848, CVE-2025-11847, CVE-2025-11846, CVE-2025-11845). While lower impact, these should be addressed in regular maintenance windows.
Linksys MR9600 and MX4200 users should be aware of CVE-2026-25603, a path traversal vulnerability (CVSS 6.6) that could allow unauthorized file access.
Recommendations
- SD-WAN users: Check Cisco's security advisories for CVE-2026-20127 and CVE-2026-20129 patches immediately. Test the patches in lab environments, given the critical nature of these flaws.
- Zyxel administrators: Review your EX3510-B0 and EX3301-T0 deployments and stage firmware updates for CVE-2025-13942 and CVE-2025-13943.
- All users: Enable SNMP authentication controls and restrict LLDP adjacency where it is not needed, to mitigate network-level attacks.