Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks

Summary

Cisco has issued a warning about a critical authentication bypass vulnerability (CVE-2026-20182) in its Catalyst SD-WAN Controller. This flaw has already been exploited in zero-day attacks, allowing attackers to gain administrative privileges on affected devices.

IFF Assessment

FOE

The discovery of an actively exploited zero-day vulnerability that grants administrative privileges to attackers represents a significant threat to organizations relying on Cisco's SD-WAN solutions.

Severity

10.0 Critical

The vulnerability allows authentication bypass and grants administrative privileges, indicating a high-risk attack vector and significant impact on confidentiality, integrity, and availability.

CISA KEV: Listed as actively exploited. Federal patch due: May 17, 2026. Known ransomware use: Unknown.

Defender Context

Defenders should prioritize patching or mitigating this critical vulnerability in their Cisco Catalyst SD-WAN Controllers immediately. Monitoring network traffic for signs of unauthorized access and ensuring robust authentication mechanisms are in place are both crucial, especially given the active exploitation in the wild.
