Find notable cyber news and cases, enriched with sources, timelines, and signals.

Cisco Catalyst SD-WAN authentication bypass flaw actively exploited (CVE-2026-20182)

Vulnerability
First reported
Last updated
Happening score
H score 60
3 unique sources, 3 articles

Summary

Hide ▲

CVE-2026-20182 is an actively exploited authentication bypass in Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager, creating a path to administrative privileges and SD-WAN configuration tampering. Cisco said it detected exploitation in May and released security updates to fully remediate the issue. CISA added the flaw to the Known Exploited Vulnerabilities Catalog, setting a May 17, 2026 patch deadline for federal agencies.

Cases

Related Happenings

CISA sets June 28 patch deadline for Cisco Unified Communications Manager Server

Public Sector Action
H score35 First: 26.06.2026 22:43 Last: 26.06.2026 22:43 Sources 1

About this happening: CISA ordered **federal agencies** to patch **CVE-2026-20230** in **Cisco Unified Communications Manager Server** by **June 28**, tightening exposure around an **actively exploited...

Cisco Catalyst SD-WAN unauthorized peering and SSH access campaign

Campaign
H score38 First: 25.06.2026 17:15 Last: 25.06.2026 17:15 Sources 1

About this happening: An active **campaign** used **unauthorized peering connections** and **SSH access** to maintain footholds inside a **service provider's Cisco Catalyst SD-WAN** environment, increa...

CISA adds CVE-2026-20262 to KEV and orders federal fixes

Public Sector Action
H score32 First: 16.06.2026 09:05 Last: 16.06.2026 09:05 Sources 1

About this happening: **CISA** added **CVE-2026-20262** to its **Known Exploited Vulnerabilities (KEV) catalog** and required **Federal Civilian Executive Branch (FCEB)** agencies to apply Cisco's fixe...

Cisco Catalyst SD-WAN Manager actively exploited file upload overwrite flaw (CVE-2026-20262)

Vulnerability
H score24 First: 15.06.2026 20:12 Last: 15.06.2026 20:12 Sources 1

About this happening: **Cisco Catalyst SD-WAN Manager** was patched for **CVE-2026-20262** after attackers used it to **create or overwrite files** and **escalate to root** across **all deployment type...

Palo Alto Networks GlobalProtect log search guidance for CVE-2026-0257

Advisory/Mitigation
H score35 First: 15.06.2026 09:17 Last: 15.06.2026 09:17 Sources 1

About this happening: Palo Alto Networks is urging **GlobalProtect** customers to search logs for **successful gateway-connected events** tied to **CVE-2026-0257**, a step that can expose possible unau...

Timeline

  1. 14.05.2026 23:25 1 articles · 1mo ago

    Cisco releases a patch for CVE-2026-20182

    Mitigation Patch Update

    Cisco released a patch for CVE-2026-20182, giving organizations using Cisco Catalyst SD-WAN Controllers a way to block the authentication bypass before UAT-8616 can continue using it for administrative access, SSH key insertion, NETCONF changes, and root escalation.

    Show sources
  2. 14.05.2026 23:09 3 articles · 1mo ago

    Cisco warns on CVE-2026-20182 and response actions

    Initial Disclosure

    Cisco warned that CVE-2026-20182 is a critical authentication bypass in Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager that was being actively exploited in zero-day attacks and could grant administrative privileges, access NETCONF, and allow manipulation of SD-WAN network configuration. Cisco said security updates are available and that upgrading to a fixed software release is the only full remediation, while CISA added the flaw to the Known Exploited Vulnerabilities Catalog and ordered federal agencies to patch affected devices by May 17, 2026.

    Show sources
  3. 14.05.2026 23:09 3 articles · 1mo ago

    Cisco warns on CVE-2026-20182 and response actions

    Initial Disclosure

    Cisco warned that CVE-2026-20182 is a critical authentication bypass in Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager that was being actively exploited in zero-day attacks and could grant administrative privileges, access NETCONF, and allow manipulation of SD-WAN network configuration. Cisco said security updates are available and that upgrading to a fixed software release is the only full remediation, while CISA added the flaw to the Known Exploited Vulnerabilities Catalog and ordered federal agencies to patch affected devices by May 17, 2026.

    Show sources