CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
Summary
CISA has added a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller, tracked as CVE-2026-20182, to its Known Exploited Vulnerabilities catalog. Federal agencies are mandated to remediate this issue by May 17, 2026.
IFF Assessment
The article details a critical vulnerability being actively exploited, which poses a direct threat to network infrastructure and data.
Severity
This is a critical authentication bypass vulnerability that allows for administrative access, making it highly exploitable and potentially leading to a complete system compromise.
CISA KEV: Listed as actively exploited. Federal patch due: May 17, 2026. Known ransomware use: Unknown.
Defender Context
Defenders must prioritize patching or mitigating CVE-2026-20182, especially if managing Cisco SD-WAN infrastructure. The inclusion in CISA's KEV catalog indicates active exploitation, meaning unpatched systems are at immediate risk of administrative takeover.