CVE-2026-20182: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
Summary
Cisco Catalyst SD-WAN Controller and Manager have an authentication bypass vulnerability (CVE-2026-20182) that allows unauthenticated remote attackers to gain administrative privileges. CISA has issued Emergency Directive 26-03 for federal agencies to assess and mitigate risks, with a due date of May 17, 2026.
IFF Assessment
This vulnerability allows unauthenticated attackers to bypass authentication and gain administrative privileges, which poses a significant risk to defenders.
Severity
The vulnerability allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges, indicating a high impact on confidentiality, integrity, and availability. The attack vector is network, and the attack complexity is low.
CISA KEV: Listed as actively exploited. Federal patch due: May 17, 2026. Known ransomware use: Unknown.
Defender Context
This critical vulnerability in Cisco Catalyst SD-WAN allows complete administrative takeover, posing a severe risk of compromise to network infrastructure. Defenders must prioritize assessing exposure and applying mitigations in line with the CISA directive to prevent unauthorized access and potential exploitation for ransomware or other malicious activities.