ACTIVELY EXPLOITED3 sources verified·1 min read
By Lyrie Threat Intelligence·1/22/2026
CVE-2025-34026 added to CISA KEV: Versa Concerto
Status: ✅ Confirmed exploited in the wild
Date added: 2026-01-22
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due date: 2026-02-12
Why this matters
Versa Concerto SD-WAN orchestration platform contains an improper authentication vulnerability in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.
Sources
Lyrie Verdict
Lyrie's autonomous detection layer catches active exploitation primitives at machine speed — closing the gap between disclosure and weaponization that traditional defense simply can't cover.