CVE-2026-20127

The repository claims to provide an exploit for CVE-2026-20127 but lacks actual exploit code, instead directing users to an external download link. The README contains detailed usage instructions and technical claims but no functional code or technical analysis.

The repository contains a functional exploit for CVE-2026-20127, a pre-authentication RCE vulnerability in Cisco SD-WAN. The exploit leverages a hardcoded credential mechanism to bypass authentication and deploy a malicious WAR file, achieving remote code execution.

This repository contains a functional exploit for CVE-2026-20127, targeting the Cisco Catalyst SD-WAN Controller authentication bypass vulnerability. The exploit leverages a forged CHALLENGE_ACK_ACK message to bypass certificate verification and gain unauthorized access.

This repository provides a detailed technical analysis of CVE-2026-20127, a critical pre-authentication RCE vulnerability in Cisco SD-WAN. The README includes root cause analysis, exploitation mechanics, and real-world attack scenarios, but the Python exploit code is truncated and incomplete.

This repository contains a functional exploit for CVE-2026-20127, targeting a DTLS authentication bypass in vdaemon. The exploit leverages a forged CHALLENGE_ACK_ACK message to bypass authentication and inject SSH keys into the target system.

The repository contains a C++-based network scanner that identifies potential Cisco SD-WAN / vManage services and checks for vulnerability to CVE-2026-20127 by sending crafted HTTP requests to specific endpoints. It does not include exploit code for achieving remote code execution or other offensive actions.

This repository contains a passive fingerprinting tool designed to identify internet-facing Cisco SD-WAN (vManage / Viptela) instances by scanning common ports and analyzing HTTP/HTTPS responses, TLS certificates, and service banners. It does not exploit CVE-2026-20127 but helps detect potentially exposed management interfaces.

This repository contains a functional exploit for CVE-2026-20127, an authentication bypass vulnerability in Cisco Catalyst SD-WAN. The exploit automates the process of retrieving a DCA key, logging in, uploading a WAR file, and verifying exploitation via two detection methods.

The repository contains a functional exploit for CVE-2026-20127, an authentication bypass vulnerability in Cisco Catalyst SD-WAN. The exploit leverages a directory traversal flaw to upload a malicious WAR file, enabling remote command execution via a deployed JSP webshell.

This repository provides a detailed technical analysis of CVE-2026-20127, an authentication bypass vulnerability in Cisco SD-WAN (vSmart and vManage). It includes in-depth explanations of the vulnerability, exploitation steps, and patch analysis, but does not contain functional exploit code.

This repository contains a detailed architectural documentation and compliance tracker for CISA ED 26-03, focusing on remediation steps for CVE-2026-20127 and CVE-2022-20775. It includes automated scripts to generate architecture diagrams and documentation but does not contain exploit code.

The repository claims to exploit CVE-2026-20127 via an unauthenticated remote auth bypass but lacks actual exploit code, instead redirecting users to an external download link (tinyurl.com). The README is detailed but lacks technical depth and includes vague marketing language.

This Metasploit module exploits an authentication bypass vulnerability (CVE-2026-20127) in Cisco Catalyst SD-WAN Controller (vSmart) by manipulating the verify_status byte in CHALLENGE_ACK_ACK messages, allowing an unauthenticated attacker to gain trusted peer status and inject an SSH public key for persistent access.