Krux
March 2, 2026
CISA Orders Federal Agencies: Patch Cisco Flaw by Thursday
Published: March 2, 2026 at 6:08 PM
Updated: March 2, 2026 at 6:08 PM
100-word summary
The Cybersecurity and Infrastructure Security Agency issued an emergency directive this week after hackers exploited a perfect-10 severity bug in Cisco's SD-WAN networking gear. Federal agencies have until February 27 to inventory every affected device, apply patches, and hunt for intruders already inside their networks. There's no workaround, only a fix. The flaw lets attackers bypass authentication entirely on the controllers that manage traffic across government WANs. CISA linked the active attacks to a "highly sophisticated" threat group. Agencies that miss Thursday's deadline will be running the digital equivalent of unlocked back doors on their wide-area networks.
What happened
The Cybersecurity and Infrastructure Security Agency issued an emergency directive this week after hackers exploited a perfect-10 severity bug in Cisco's SD-WAN networking gear. Federal agencies have until February 27 to inventory every affected device, apply patches, and hunt for intruders already inside their networks. There's no workaround, only a fix. The flaw lets attackers bypass authentication entirely on the controllers that manage traffic across government WANs. CISA linked the active attacks to a "highly sophisticated" threat group.
Why it matters
Agencies that miss Thursday's deadline will be running the digital equivalent of unlocked back doors on their wide-area networks.