CISA has added CVE-2026-20182, a critical authentication bypass in Cisco Catalyst SD-WAN Controller and Manager, to its Known Exploited Vulnerabilities catalog after confirming active exploitation. Cisco links the attacks to UAT-8616 and says multiple threat clusters are using proof-of-concept exploits to deploy web shells, miners, backdoors, and credential stealers on affected systems. #CVE-2026-20182 #CiscoCatalystSDWANController #UAT-8616 #XenShell #Godzilla #Behinder #Sliver #XMRig
Keypoints
- CISA added CVE-2026-20182 to the KEV catalog.
- The flaw is a critical authentication bypass with a CVSS score of 10.0.
- Cisco said UAT-8616 is actively exploiting the vulnerability.
- Attackers are using proof-of-concept code to deploy web shells and other tools.
- Cisco urges customers to follow the published advisories and remediation guidance.
Read More: https://thehackernews.com/2026/05/cisa-adds-cisco-sd-wan-cve-2026-20182.html