A highly sophisticated threat actor, tracked as UAT-8616, is exploiting CVE-2026-20182, an authentication bypass flaw in Cisco Catalyst SD-WAN Controllers that can lead to administrative access and root compromise. Rapid7 and Cisco Talos warn that the bug has already been used in the wild, with attackers adding SSH keys, changing NETCONF settings, and targeting high-value organizations and critical infrastructure sectors. #CVE-2026-20182 #CiscoCatalyst #UAT-8616 #CiscoTalos #Rapid7
Keypoints
- CVE-2026-20182 is a critical authentication bypass in Cisco Catalyst SD-WAN Controllers.
- The flaw earned a CVSS score of 10.0 and allows unauthenticated access.
- Cisco Talos says UAT-8616 has already exploited the vulnerability in the wild.
- Attackers used access to add SSH keys, modify NETCONF, and escalate to root.
- Cisco's patch is the main defense against compromise of the entire overlay network.
Read More: https://www.darkreading.com/vulnerabilities-threats/maximum-severity-cisco-sd-wan-bug-exploited