A three-CVE chain targeting Cisco Catalyst SD-WAN delivers unauthenticated root access to the SD-WAN management plane across all deployment types, including FedRAMP. Active exploitation by UAT-8616 is confirmed, intrusion activity has been traced to at least 2023, and CISA Emergency Directive 26-03 is in effect. Patches are incomplete across all release trains as of the analysis date.