Cisco warns of an actively exploited SD-WAN flaw with max severity

Summary

Cisco has issued a warning about a critical authentication bypass vulnerability in its Catalyst SD-WAN Controller and Manager platforms. This flaw, identified as CVE-2026-20182, allows unauthenticated remote attackers to gain administrative privileges and manipulate network configurations. Cisco has confirmed limited exploitation of this vulnerability and urges immediate application of software updates, as no workarounds are available.

IFF Assessment

FOE

This vulnerability allows attackers to bypass authentication and gain administrative privileges, posing a direct threat to network security and integrity.

Severity

10.0 Critical (AI Estimated)

The vulnerability lets a remote, unauthenticated attacker gain administrative privileges, which is a critical impact. Exploitation requires only network access and the ability to send crafted requests, indicating high exploitability.

CISA KEV: Listed as actively exploited. Federal patch due: May 17, 2026. Known ransomware use: Unknown.

Defender Context

This actively exploited vulnerability in Cisco's SD-WAN solutions presents a significant risk, allowing attackers to gain full administrative control. Defenders must prioritize patching these devices immediately to prevent unauthorized access and potential network compromise. Organizations relying on Cisco SD-WAN should also review their network segmentation and access controls to limit the blast radius of any potential exploitation.
