The National Computer Emergency Response Team has issued a warning about a severe security flaw in Cisco Systems products, which could allow hackers to gain full control of enterprise and government networks without requiring a password.

The vulnerability specifically affects the Cisco Catalyst SD-WAN Manager, a tool used by organizations to centrally manage network operations. According to NCERT, the flaw has been assigned the identifier CVE-2026-20127 and carries a CVSS score of 10.0, the highest possible severity rating.

NCERT highlighted that the flaw has already been exploited in zero-day attacks, making it a pressing cybersecurity concern. The vulnerability allows attackers to bypass login protections and remotely access systems without credentials, particularly if the affected system is exposed to the internet.

Security experts warn that organizations using Cisco Catalyst SD-WAN Manager should act immediately to mitigate the risk. Recommended measures include applying the latest security patches, restricting internet-facing access, and closely monitoring network traffic for suspicious activity.

The advisory emphasizes that the flaw could compromise critical government and enterprise infrastructure, potentially leading to data breaches, system disruptions, or unauthorized administrative control. NCERT urged all affected entities to follow official mitigation steps provided by Cisco to prevent exploitation.

This alert underscores the growing threat landscape in network security, highlighting the importance of proactive monitoring, timely patching, and strong cybersecurity practices. Organizations are reminded that even highly trusted network systems can be vulnerable to zero-day exploits if not regularly updated.