## https://sploitus.com/exploit?id=FCD02B49-B153-51E6-81DF-91DA1985F36C
# CVE-2026-20127---Cisco-SD-WAN-Preauth-RCE
Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access.
This repository contains a working proof-of-concept exploit for CVE-2026-20127, a critical pre-authentication vulnerability in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Catalyst SD-WAN Manager (formerly vManage) that has been actively exploited in the wild since 2023.
This vulnerability has been actively exploited in the wild since 2023.
The threat actor cluster (UAT-8616) , described by Cisco as a "highly sophisticated cyber threat actor," has been using this zero-day to compromise Cisco SD-WAN deployments globally.
## What attackers can do:
Create rogue peer joined to management/control plane
Bypass authentication entirely
Obtain administrative privileges
Access NETCONF on port 830
Manipulate network configuration for SD-WAN fabric
## Demo About The Script Detector/Scanner.
https://t.me/p3Nt3st3rsTAr
## This exploit is provided for educational and defensive research purposes only. By downloading or using this code, you acknowledge that:
You will only test on systems you own or have explicit written permission to test
You will not use this for any illegal, unauthorized, or malicious activities
You accept full responsibility for any consequences resulting from the use of this code
ZeroZenX not liable for any damages or legal issues arising from misuse