Cisco has released updates for CVE-2026-20182, a maximum-severity authentication bypass in Catalyst SD-WAN Controller and Manager that has already seen limited exploitation. The flaw can let a remote unauthenticated attacker gain administrative access, manipulate SD-WAN network configuration, and is linked to similar issues previously observed in CVE-2026-20127 and activity by UAT-8616. #Cisco #CVE-2026-20182 #CVE-2026-20127 #UAT-8616
Keypoints
- Cisco fixed CVE-2026-20182 in Catalyst SD-WAN Controller and Manager.
- The flaw allows remote authentication bypass and administrative access.
- Successful exploitation can enable network configuration changes through NETCONF.
- Limited real-world exploitation was observed by Cisco in May 2026.
- Rapid7 linked the issue to the same vdaemon service targeted by CVE-2026-20127.
Read More: https://thehackernews.com/2026/05/cisco-catalyst-sd-wan-controller-auth.html