Threat actor UAT-8616 is actively exploiting two CVSS 9.5 authentication bypass vulnerabilities in Cisco Catalyst SD-WAN control-plane components, gaining unauthenticated access to SD-WAN Controllers, Managers, and Validators via NETCONF. All deployment types are affected with no available workaround, making this the highest-urgency network infrastructure item this week.