Fake PoCs, Misunderstood Risks Cause Cisco SD-WAN Chaos

As new security holes are found in Cisco's Catalyst SD-WAN Manager, some researchers say that companies are focusing too much on one major flaw that has a lot of noise around it and missing another, less serious bug that is just as bad This article explores security holes cisco. . On February 25, Cisco made public six new bugs in its Software-Defined Wide Area Network (SD-WAN) management product.

At least three have been used in the real world. One, CVE-2026-20127, got the best score possible in the Common Vulnerability Scoring System (CVSS), and it looks like one threat actor used it as a zero-day for at least three years.

And that's usually when people say, "Hey, there's public PoC for this, so you really need to pay attention." For a long time, "PoC or GTFO" has been a common saying in the business world." She says that instead of "PoC or GTFO," groups should look for signs of real exploitation in the wild.

"It's hard to tell if fake PoCs are really fake sometimes because they look so real," she says. "As the value of public PoCs goes down, real-world exploitation signals have become much more important." ## Real PoCs Are Worth Something On March 11, a Rapid7 security researcher finally sent out the first real, verifiable PoC for CVE-2026-20127.

Because of this, VulnCheck thinks that real attempts to exploit will happen more often in the wild. It brings up an old question: Are security researchers helping cyberattackers more than they are helping defenders by publishing working PoCs?