(TLP:CLEAR) Weekly Vulnerabilities to Prioritize – February 26, 2026
Created: Thursday, February 26, 2026 - 12:02
Categories: Cybersecurity, Security Preparedness
The vulnerabilities below have been identified by WaterISAC analysts as important for water and wastewater utilities to prioritize in their vulnerability management efforts. WaterISAC shares critical vulnerabilities that affect widely used products and may be under active exploitation. WaterISAC draws additional awareness through alerts and advisories when vulnerabilities are confirmed to be impacting, or have a high likelihood of impacting, water and wastewater utilities. Members are encouraged to regularly review these vulnerabilities, many of which are included in CISA’s Known Exploited Vulnerabilities (KEV) Catalog.
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
CVSS v3.1: 10.0
CVE: CVE-2026-20127
Description: A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. CISA has added this vulnerability to its KEV catalog.
Source: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk
Cisco SD-WAN Software Privilege Escalation Vulnerability
CVSS v3.1: 7.8
CVE: CVE-2022-20775
Description: A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. This vulnerability is due to improper access controls on commands within the application CLI. An attacker could exploit this vulnerability by running a maliciously crafted command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Source: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF
SolarWinds Vulnerabilities
CVSS v3.1: 9.1
CVE: CVE-2025-40538, CVE-2025-40539, CVE-2025-40540, CVE-2025-40541
Description: On 24 February 2026, SolarWinds released Serv-U version 15.5.4, which patches four critical vulnerabilities in Serv-U, a managed file transfer (MFT) and FTP server solution. Serv-U is the company’s self-hosted Windows and Linux file transfer software that comes with both MFT and FTP server capabilities, enabling organizations to securely exchange files via FTP, FTPS, SFTP, and HTTP/S.
Sources:
- SolarWinds Serv-U Broken Access Control Remote Code Execution Vulnerability (CVE-2025-40538)
- SolarWinds Serv-U Type Confusion Remote Code Execution Vulnerability (CVE-2025-40539)
- SolarWinds Serv-U Type Confusion Remote Code Execution Vulnerability (CVE-2025-40540)
- SolarWinds Serv-U Insecure Direct Object Reference (IDOR) Remote Code Execution Vulnerability (CVE-2025-40541)
Soliton Systems K.K. FileZen OS Command Injection Vulnerability
CVSS v3.0: 8.8
CVE: CVE-2026-25108
Description: FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command. CISA has added this vulnerability to its KEV catalog.
Source: https://www.soliton.co.jp/support/2026/006657.html
