Cisco Catalyst SD-WAN systems are under active exploitation by threat actor UAT-8616, targeting authentication bypass and privilege escalation vulnerabilities that could allow unauthorized access to network infrastructure. CISA has issued Emergency Directive ED 26-03 requiring federal agencies to mitigate these vulnerabilities, signaling elevated national-security concern. Organizations running Cisco SD-WAN face dual risk: real network compromise and wasted SOC capacity from fraudulent proof-of-concept code circulating online that is generating false escalations.