Multiple cybersecurity authorities, including CISA and the Five Eyes alliance, have released urgent guidance regarding the ongoing global exploitation of critical vulnerabilities in Cisco SD-WAN systems. Active exploitation has been reported, particularly concerning the Cisco Catalyst SD-WAN systems, with a significant zero-day vulnerability (CVE-2026-20127) being actively targeted by threat actors. Governments have issued warnings about these attacks dating back to earlier this year, prompting the CISA to demand that agencies patch these critical bugs promptly. As cyber threats continue to escalate, users of Cisco SD-WAN are advised to enhance their security measures and remain vigilant against potential attacks.