Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026
Summary
Cisco has released a patch for a new zero-day vulnerability, CVE-2026-20182, affecting its SD-WAN products. This marks the sixth zero-day exploited in Cisco SD-WAN devices this year, with targeted attacks attributed to threat actor UAT-8616.
IFF Assessment
The exploitation of a zero-day vulnerability represents a direct threat to the security of Cisco's SD-WAN infrastructure, allowing for unauthorized access or control.
Severity
Given it's a zero-day exploited in targeted attacks and affects critical infrastructure (SD-WAN), a high CVSS score is estimated, reflecting potential for high impact and exploitability.
CISA KEV: Listed as actively exploited. Federal patch due: May 17, 2026. Known ransomware use: Unknown.
Defender Context
This article highlights a critical vulnerability in widely used SD-WAN infrastructure, emphasizing the ongoing risk posed by sophisticated threat actors. Defenders should prioritize patching and monitoring for signs of exploitation in their Cisco SD-WAN environments, especially given the frequency of zero-day disclosures for this product line.