Attackers exploited a critical authentication bypass in Cisco Catalyst SD-WAN Controller and Manager, tracked as CVE-2026-20182, which Cisco and Rapid7 say can grant the highest level of administrative access. Cisco attributed the activity to UAT-8616 and warned that a single compromised controller could let attackers reroute traffic, intercept communications, and disrupt entire networks.
Key points
- Cisco disclosed a max-severity zero-day affecting Catalyst SD-WAN Controller and Manager.
- The flaw, CVE-2026-20182, is an authentication bypass with a CVSS score of 10.
- Rapid7 and Cisco said limited exploitation was already observed in the wild.
- Cisco linked the attacks to UAT-8616, a threat group tied to earlier zero-days.
- Researchers warned that compromising the controller can impact an entire SD-WAN fabric.
Read More: https://cyberscoop.com/cisco-sd-wan-zero-day-exploited/