Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access
Summary
Cisco has released updates to fix a critical authentication bypass vulnerability (CVE-2026-20182) in its Catalyst SD-WAN Controller. This flaw, rated with a CVSS score of 10.0, has reportedly been exploited in limited, targeted attacks, allowing adversaries to gain administrative access.
IFF Assessment
The exploitation of a critical authentication bypass vulnerability allows attackers to gain administrative access, posing a significant threat to network security.
Severity
The vulnerability is rated as critical with a CVSS score of 10.0, indicating a maximum severity. This is due to the ease of exploitation and the significant impact of gaining administrative access to sensitive network infrastructure.
CISA KEV: Listed as actively exploited. Federal patch due: May 17, 2026. Known ransomware use: Unknown.
Defender Context
This actively exploited critical vulnerability in Cisco Catalyst SD-WAN Controller requires immediate attention from network administrators. Organizations using this product should prioritize patching to prevent unauthorized administrative access and potential downstream impacts on network control and data flow.