Threat Advisories - NVD Disclosed February 25, 2026

CVE-2026-22719

VMware Aria Operations could allow an external attacker to take control of the server

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

An external attacker can exploit a flaw in VMware Aria Operations during support-assisted migration to execute unauthorized commands. This allows them to take full control of the platform, granting access to sensitive data and potentially compromising the organization's wider virtual infrastructure.

NVD published: February 25, 2026 • CISA KEV

CVE advisoryKnown Exploit

CVE-2026-20133

Cisco Catalyst SD-WAN could allow an internal attacker to read sensitive system information

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

An internal attacker with administrative access to Cisco Catalyst SD-WAN can bypass protections to access restricted system files. This could enable them to steal network credentials and configuration data, potentially leading to unauthorized control over the organization's network infrastructure.

NVD published: February 25, 2026 • CISA KEV

CVE advisoryKnown Exploit

CVE-2026-20128

Attacker can steal Cisco Catalyst SD-WAN Manager passwords to gain admin control

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

Cisco Catalyst SD-WAN Manager may allow an attacker to steal credentials and gain control of your network. This is a high-risk vulnerability actively exploited by attackers, demanding immediate attention.

NVD published: February 25, 2026 • CISA KEV

CVE advisoryKnown Exploit

CVE-2026-20127

Attackers can take control of Cisco SD-WAN networks by bypassing logins

Halo Surface Signal: 3 out of 5 — possibly public-facing.

Cisco Catalyst SD-WAN controllers are vulnerable, allowing an external attacker to bypass security checks and gain full administrative access. This enables them to manipulate enterprise network settings, creating a serious risk of unauthorized traffic control or disruption across the organization.

NVD published: February 25, 2026 • CISA KEV

CVE advisoryKnown Exploit

CVE-2026-20122

Cisco SD-WAN Manager allows attackers to overwrite critical files and gain admin access.

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

An internal attacker with limited access to the Cisco Catalyst SD-WAN Manager can overwrite system files to escalate their privileges. This could grant them unauthorized administrative control over the company's critical network management infrastructure.

NVD published: February 25, 2026 • CISA KEV

CVE advisoryCRITICAL

CVE-2026-2624

Antikor NGFW Authentication Bypass Vulnerability.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A critical authentication bypass vulnerability exists in ePati Antikor Next Generation Firewall, potentially allowing unauthorized access to critical functions. This could lead to altered firewall behavior or system compromise if the vulnerability is reachable. It is important to identify affected instances and their e

NVD published: February 25, 2026