The Cybersecurity and Infrastructure Security Agency has released Emergency Directive 26-03, Mitigate Vulnerabilities in Cisco SD-WAN Systems, along with Supplemental Direction ED 26-03, Hunt and Hardening Guidance for Cisco SD-WAN Systems, to address threat actors actively targeting federal networks leveraging designated Cisco systems and software.
The Potomac Officers Club’s 2026 Cyber Summit on May 21 will examine how government and industry are responding to escalating global cyber threats similar to the attacks on Cisco SD-WAN Systems. Sign up now to join this important GovCon event!
Table of Contents
What Prompted the 26-03 Directive?
CISA said Wednesday the identified flaws pose an unacceptable risk to federal civilian executive branch networks, prompting immediate remediation. The company’s forensic analysis, conducted in coordination with international partners, determined that the vulnerabilities could be exploited with limited complexity.
What Actions Must Agencies Take in Response to 26-03?
Agencies are required to create a comprehensive inventory of all affected Cisco SD-WAN assets, collect relevant system logs and virtual snapshots, and apply patches addressing CVE-2026-20127 and CVE-2022-20775. In addition, organizations should actively search their environments for signs of compromise and follow the security measures detailed in Cisco’s Catalyst SD-WAN Hardening Guide. The agency issued an alert accompanied by joint guidance titled the Cisco SD-WAN Threat Hunt Guide to help network defenders identify and respond to malicious activity.
“Operational disruptions create strain and uncertainty, give our adversaries unnecessary advantages, and forces our frontline cybersecurity experts to carry out critical work without pay. Based on collaboration with international partners and CISA’s forensic analysis, the ease with which these vulnerabilities can be exploited demands immediate action from all federal agencies,” said Madhu Gottumukkala, acting director of CISA.
Previous Cisco-Related Emergency Action
The directive follows earlier warnings about threats targeting Cisco systems. In September 2025, CISA issued an emergency directive warning of attackers exploiting vulnerabilities affecting Cisco Adaptive Security Appliances web services. The directive required organizations to identify all affected devices, collect forensic evidence, evaluate systems for signs of intrusion, disconnect unsupported hardware and update software to current supported releases.
Related Articles
The Department of Justice has appointed Shantrell “Nikki” Collier, deputy chief information officer, as deputy assistant attorney general for information resources management and CIO, Nextgov/FCW reported Wednesday. What Led to the DOJ CIO Transition? The leadership transition followed the departure of Melinda Rogers, who left her role as DOJ CIO at the end of May 2025. Rogers announced in a LinkedIn post that her departure marked an “inflection point” in her life, as her twin sons prepared to leave for college. She said she planned to pursue a new milestone while maintaining the professional relationships she built during her time
Zeke Maldonado has been appointed acting chief information officer at the Federal Emergency Management Agency. Former Department of Homeland Security Under Secretary and Chief Acquisition Officer Chris Cummiskey congratulated Maldonado on the appointment in a LinkedIn post on Tuesday. In his new role, Maldonado is responsible for delivering enterprise information management, technology and cybersecurity services that support FEMA’s workforce and disaster response operations, Cummiskey said. The role also includes shaping the agency’s technology strategy, overseeing major IT acquisitions, and ensuring alignment with federal architecture and security requirements. The new acting CIO will report to Shila Cooch, FEMA’s associate administrator for
The Federal Aviation Administration has launched the Accelerated Transformation of Legacy Applications and Systems, or ATLAS, initiative as a challenge-based acquisition effort designed to modernize more than 200 applications and approximately 3,000 databases across its mission-support portfolio. As federal agencies accelerate enterprise IT modernization and AI-driven transformation initiatives, leaders across government and industry are advancing the broader digital reform agenda. Save your seat at the Potomac Officers Club’s 2026 Digital Transformation Summit on April 22 and join experts as they discuss enterprise IT reform, AI and other emerging technologies shaping mission delivery. In a Feb. 17 notice posted on SAM.gov,