Public administration — SD-WAN, Windows zero-days, and qualified e-signature infrastructure at risk

CVE-2026-20182 (Cisco SD-WAN) signals that network infrastructure serving public-sector WAN-connected sites is the primary exploitation target this week. Simultaneously, the Windows zero-day cluster (YellowKey/GreenPlasma/MiniPlasma) without OOB patch represents a persistent risk to the Windows-centric desktop estates that are standard in CH/EU federal and cantonal administrations. Poland's CERT-PL disclosed CVE-2026-44088 in SzafirHost, a vendor providing JAR-signed qualified electronic signature services to public administration — a JAR zip-polyglot bypass / class-loading split-brain vulnerability enabling RCE via signed-JAR + ZIP combination.