A zero-day vulnerability in Cisco Catalyst SD-WAN has been discovered and patched after exploitation by highly sophisticated attackers. This flaw enables attackers to bypass authentication mechanisms and gain administrative privileges on affected devices. The vulnerability has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, highlighting its critical nature. Although no public proof-of-concept exploits or widespread exploitation have been reported yet, the risk remains significant due to the potential for full system compromise. Cisco has released patches to address this issue, emphasizing the urgency for organizations using Catalyst SD-WAN to update promptly. The vulnerability impacts network infrastructure critical for secure wide-area network management and could lead to severe confidentiality, integrity, and availability breaches if exploited. Organizations worldwide relying on Cisco SD-WAN solutions should prioritize mitigation to prevent unauthorized access and potential lateral movement within their networks. Given the complexity and sophistication of the attackers, this threat poses a high risk to enterprise and government networks globally.

The identified zero-day vulnerability affects Cisco Catalyst SD-WAN, a widely deployed software-defined wide-area networking solution used to manage and secure enterprise WANs. The flaw allows attackers to bypass authentication controls, granting them administrative privileges without valid credentials. This type of privilege escalation can enable attackers to fully control the affected devices, manipulate network traffic, disrupt services, or deploy further malicious payloads. The vulnerability's inclusion in CISA’s KEV catalog underscores its exploitation by advanced threat actors, indicating targeted attacks against critical network infrastructure. Although specific technical details such as the exact attack vector or vulnerability type (e.g., buffer overflow, logic flaw) have not been disclosed, the ability to bypass authentication suggests a severe design or implementation weakness. Cisco has issued patches to remediate the vulnerability, but no known exploits in the wild have been publicly confirmed, suggesting either limited or highly targeted use so far. The affected systems are integral to network operations, making timely patching essential to prevent potential compromise and lateral movement within enterprise environments.

SecurityWeek

Detailed information about Cisco Patches Catalyst SD-WAN Zero-Day Exploited by Highly Sophisticated Hackers. Get real-time updates, technical details, and mitig

Cisco Patches Catalyst SD-WAN Zero-Day Exploited by Highly Sophisticated Hackers - Live Threat Intelligence - Threat Radar | OffSeq.com

Original Source

Cisco Patches Catalyst SD-WAN Zero-Day Exploited by Highly Sophisticated Hackers

CVE-2026-28138 is a deserialization of untrusted data vulnerability in the Stylemix uListing plugin versions up to 2. 2. 0. This flaw allows an attacker to perform object injection by exploiting unsafe deserialization processes. Although no known exploits are currently reported in the wild, successful exploitation could lead to remote code execution or other malicious behaviors. The vulnerability affects websites using the uListing plugin, commonly deployed on WordPress platforms. No official patches or fixes have been published yet, increasing the urgency for mitigation. Exploitation does not require authentication but may require user interaction depending on the attack vector. Organizations using this plugin should prioritize risk assessment and implement immediate protective measures. Countries with significant WordPress usage and e-commerce or listing platforms are at higher risk.

CVE-2026-28138 identifies a critical vulnerability in the Stylemix uListing WordPress plugin, specifically versions up to and including 2.2.0. The vulnerability arises from unsafe deserialization of untrusted data, which enables object injection attacks. Deserialization is the process of converting data from a format suitable for storage or transmission back into an object in memory. When this process is performed on untrusted input without proper validation or sanitization, attackers can manipulate the serialized data to inject malicious objects. This can lead to arbitrary code execution, privilege escalation, or other unauthorized actions within the affected application environment. The uListing plugin is widely used for creating listing and directory websites on WordPress, making it a valuable target for attackers seeking to compromise such sites. Although no public exploits have been reported yet, the nature of the vulnerability and the widespread use of the plugin suggest a significant risk. The lack of a CVSS score and absence of official patches indicate that the vulnerability is newly disclosed and requires immediate attention from administrators. The vulnerability does not specify whether authentication or user interaction is required, but typically, deserialization flaws can be exploited remotely by sending crafted requests to vulnerable endpoints. This vulnerability underscores the importance of secure coding practices around serialization and deserialization in web applications.

CVE Database V5

Detailed information about CVE-2026-28138: Deserialization of Untrusted Data in Stylemix uListing affecting Stylemix uListing. Get real-time updates, technical 

CVE-2026-28138: Deserialization of Untrusted Data in Stylemix uListing - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2026-28138: Deserialization of Untrusted Data in Stylemix uListing

CVE-2026-28136 is an SQL Injection vulnerability in the VeronaLabs WP SMS WordPress plugin affecting versions up to 6. 9. 12. The flaw arises from improper neutralization of special elements in SQL commands, allowing attackers to manipulate database queries. Exploitation could lead to unauthorized data access, data modification, or database compromise. No public exploits are currently known, but the vulnerability is publicly disclosed and unpatched. Organizations using WP SMS in their WordPress environments are at risk, especially if the plugin handles sensitive SMS or user data. Mitigation requires applying vendor patches once available or implementing strict input validation and web application firewalls as interim measures. Countries with high WordPress usage and significant adoption of WP SMS plugins, including the United States, India, Brazil, Germany, and the United Kingdom, are most likely to be affected. Given the potential for data breach and ease of exploitation without authentication, the severity is assessed as high.

CVE-2026-28136 identifies a critical SQL Injection vulnerability in the VeronaLabs WP SMS plugin for WordPress, affecting all versions up to and including 6.9.12. The vulnerability stems from improper neutralization of special characters in SQL commands, which allows attackers to inject malicious SQL code. This can enable unauthorized access to the underlying database, potentially exposing sensitive information such as user data, SMS content, or configuration details. The attack vector typically involves sending crafted input through plugin interfaces that interact with the database without proper sanitization or parameterization. Although no known exploits are currently in the wild, the public disclosure of this vulnerability increases the risk of exploitation by attackers. The plugin is widely used in WordPress environments to facilitate SMS messaging, making it a valuable target for attackers seeking to compromise websites or extract confidential data. The absence of a CVSS score indicates the need for a manual severity assessment. The vulnerability does not require authentication or user interaction, increasing its risk profile. The lack of an available patch at the time of disclosure necessitates immediate mitigation efforts by administrators.

Detailed information about CVE-2026-28136: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in VeronaLabs WP SMS affecting V

CVE-2026-28136: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in VeronaLabs WP SMS - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2026-28136: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in VeronaLabs WP SMS

CVE-2026-28132 is a basic Cross-Site Scripting (XSS) vulnerability in the villatheme WooCommerce Photo Reviews plugin, affecting versions up to 1. 4. 4. The flaw arises from improper neutralization of script-related HTML tags, enabling attackers to inject malicious code into web pages. Exploitation could allow attackers to execute arbitrary scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or redirection to malicious sites. No known exploits are currently reported in the wild. The vulnerability affects e-commerce sites using this plugin, which is popular among WooCommerce users. Mitigation requires applying patches once available or implementing strict input validation and output encoding as interim measures. Countries with significant WooCommerce usage and e-commerce activity are at higher risk. Given the ease of exploitation and potential impact on confidentiality and integrity, this vulnerability is assessed as high severity.

CVE-2026-28132 identifies a Cross-Site Scripting (XSS) vulnerability in the villatheme WooCommerce Photo Reviews plugin, specifically versions up to 1.4.4. The vulnerability stems from improper neutralization of script-related HTML tags within user-supplied input that is rendered on web pages without adequate sanitization or encoding. This allows attackers to inject malicious JavaScript code that executes in the browsers of users visiting affected pages. The injected scripts can perform actions such as stealing session cookies, redirecting users to phishing sites, or manipulating page content. The vulnerability is categorized as a basic XSS, indicating that it does not require complex conditions or advanced techniques to exploit. While no exploits have been reported in the wild yet, the widespread use of WooCommerce and its plugins makes this a significant risk. The vulnerability affects the confidentiality and integrity of user data and can undermine user trust in affected e-commerce platforms. The lack of a CVSS score suggests this is a newly discovered issue, with a patch not yet publicly available. The vulnerability was published on February 26, 2026, and assigned by Patchstack. The absence of known exploits provides a window for organizations to implement mitigations before active exploitation occurs.

Detailed information about CVE-2026-28132: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in villatheme WooCommerce Photo Reviews

CVE-2026-28132: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in villatheme WooCommerce Photo Reviews - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2026-28132: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in villatheme WooCommerce Photo Reviews

CVE-2026-28131 is a vulnerability in the WPVibes Elementor Addon Elements plugin for WordPress, affecting versions up to 1. 14. 4. It allows attackers to retrieve embedded sensitive information by inserting such data into sent communications, potentially exposing confidential data. The vulnerability does not require known exploits in the wild yet, and no CVSS score has been assigned. Exploitation could lead to unauthorized disclosure of sensitive information, impacting confidentiality. The vulnerability affects websites using this popular page builder addon, which is widely used in WordPress environments globally. Mitigation involves updating the plugin once a patch is released or applying manual code reviews to prevent sensitive data leakage. Countries with significant WordPress usage and reliance on this addon, including the United States, United Kingdom, Germany, India, Australia, and Canada, are at higher risk. The severity is assessed as high due to the potential confidentiality impact and ease of exploitation without authentication.

The CVE-2026-28131 vulnerability affects the WPVibes Elementor Addon Elements plugin, a widely used extension for the Elementor page builder on WordPress. This vulnerability involves the insertion of sensitive information into data sent by the plugin, allowing attackers to retrieve embedded sensitive data that should otherwise remain confidential. The flaw exists in versions up to and including 1.14.4, with no specific version range prior to that identified. The vulnerability likely arises from improper handling or sanitization of sensitive data before it is transmitted, potentially exposing credentials, tokens, or other confidential information embedded in the plugin's communications. Although no known exploits are currently active in the wild, the vulnerability's nature suggests that an attacker with access to the affected site or its data flow could extract sensitive information without requiring authentication or complex user interaction. The lack of a CVSS score indicates that the vulnerability is newly published and pending further analysis. The plugin is popular among WordPress users globally, especially in regions with high WordPress adoption. The vulnerability's impact primarily concerns confidentiality breaches, which could lead to further compromise if sensitive data such as API keys, user credentials, or configuration details are exposed. The technical details are limited, but the vulnerability is confirmed by Patchstack and published in the CVE database, indicating credible validation. No patches or fixes are currently linked, so users must monitor vendor advisories closely. The vulnerability underscores the importance of secure data handling in WordPress plugins, especially those that manage or transmit sensitive information.

Detailed information about CVE-2026-28131: Insertion of Sensitive Information Into Sent Data in WPVibes Elementor Addon Elements affecting WPVibes Elementor Add

CVE-2026-28131: Insertion of Sensitive Information Into Sent Data in WPVibes Elementor Addon Elements - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2026-28131: Insertion of Sensitive Information Into Sent Data in WPVibes Elementor Addon Elements

The Miniscript (aka rust-miniscript) library before 12.2.0 for Rust allows stack consumption because it does not properly track tree depth.

Detailed information about CVE-2024-44073: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2024-44073: n/a

CVE-2024-44073: n/a

Description

Technical Details

Community Reviews

Related Threats

CVE-2026-28138: Deserialization of Untrusted Data in Stylemix uListing

CVE-2026-28136: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in VeronaLabs WP SMS

CVE-2026-28132: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in villatheme WooCommerce Photo Reviews

CVE-2026-28131: Insertion of Sensitive Information Into Sent Data in WPVibes Elementor Addon Elements

CVE-2026-28083: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in UX-themes Flatsome

Actions

External Links

Need more coverage?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility