
Overview

Cisco released an advisory for a critical authentication bypass vulnerability in the Cisco Catalyst SD-WAN Controller. This vulnerability could enable an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges. 

  • CVE-2026-20182: Cisco Catalyst SD-WAN Controller Authentication Bypass (CVSSv3 10.0) 

Affected versions: 

  • On-Prem Deployment 
  • Cisco SD-WAN Cloud-Pro 
  • Cisco SD-WAN Cloud (Cisco Managed) 
  • Cisco SD-WAN for Government (FedRAMP) 

 

Microsoft released an advisory for a high-severity vulnerability in Microsoft Exchange Server that is being exploited in the wild. An attacker can exploit the vulnerability by sending a user a specially crafted email. Arbitrary code can then be executed if the user opens the email in Outlook Web Access and certain interaction conditions are met.

  • CVE-2026-42897: Improper Neutralisation of Input During Web Page Generation (CVSSv3 8.1) 

Affected versions:  

  • Microsoft Exchange Server Subscription Edition RTM 
  • Microsoft Exchange Server 2019 Cumulative Update 14 & 15 
  • Microsoft Exchange Server 2016 Cumulative Update 23 

 

n8n released patches for three critical vulnerabilities that allow an authenticated user to manipulate application behaviour via prototype pollution, read arbitrary files from the server through argument injection, and bypass previous protections in XML processing. When exploited, these issues can be chained to execute commands, access sensitive data, and fully compromise the affected instance. 

  • CVE-2026-44789: HTTP Request Node Pagination Prototype Pollution to RCE (CVSSv3 9.4) 
  • CVE-2026-44790: Arbitrary File Read via Git Node (CVSSv3 9.4) 
  • CVE-2026-44791: XML Node Prototype Pollution Patch Bypass (CVSSv3 9.4) 

Affected versions: 1.123.43, < 2.22.1, < 2.20.7 

 

Recommended Action   

Organisations are encouraged to review the appropriate security advisory pages and apply the updates:

Cisco - Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability 

Microsoft - CVE-2026-42897 - Security Update Guide - Microsoft - Microsoft Exchange Server Spoofing Vulnerability 

n8n - Overview · n8n-io/n8n · GitHub

If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.
