Cisco Catalyst SD-WAN authentication bypass flaw actively exploited (CVE-2026-20182)
Vulnerability
Summary
Hide ▲
Show ▼
CVE-2026-20182 is an actively exploited authentication bypass in Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager, creating a path to administrative privileges and SD-WAN configuration tampering. Cisco said it detected exploitation in May and released security updates to fully remediate the issue. CISA added the flaw to the Known Exploited Vulnerabilities Catalog, setting a May 17, 2026 patch deadline for federal agencies.
Cases
Related Happenings
CISA sets June 28 patch deadline for Cisco Unified Communications Manager Server
Public Sector Action
H score35
First: 26.06.2026 22:43
Last: 26.06.2026 22:43
Sources 1
About this happening:
CISA ordered **federal agencies** to patch **CVE-2026-20230** in **Cisco Unified Communications Manager Server** by **June 28**, tightening exposure around an **actively exploited...
CISA sets June 28 patch deadline for Cisco Unified Communications Manager Server
Public Sector ActionAbout this happening: CISA ordered **federal agencies** to patch **CVE-2026-20230** in **Cisco Unified Communications Manager Server** by **June 28**, tightening exposure around an **actively exploited...
Cisco Catalyst SD-WAN unauthorized peering and SSH access campaign
Campaign
H score38
First: 25.06.2026 17:15
Last: 25.06.2026 17:15
Sources 1
About this happening:
An active **campaign** used **unauthorized peering connections** and **SSH access** to maintain footholds inside a **service provider's Cisco Catalyst SD-WAN** environment, increa...
Cisco Catalyst SD-WAN unauthorized peering and SSH access campaign
CampaignAbout this happening: An active **campaign** used **unauthorized peering connections** and **SSH access** to maintain footholds inside a **service provider's Cisco Catalyst SD-WAN** environment, increa...
CISA adds CVE-2026-20262 to KEV and orders federal fixes
Public Sector Action
H score32
First: 16.06.2026 09:05
Last: 16.06.2026 09:05
Sources 1
About this happening:
**CISA** added **CVE-2026-20262** to its **Known Exploited Vulnerabilities (KEV) catalog** and required **Federal Civilian Executive Branch (FCEB)** agencies to apply Cisco's fixe...
CISA adds CVE-2026-20262 to KEV and orders federal fixes
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-20262** to its **Known Exploited Vulnerabilities (KEV) catalog** and required **Federal Civilian Executive Branch (FCEB)** agencies to apply Cisco's fixe...
Cisco Catalyst SD-WAN Manager actively exploited file upload overwrite flaw (CVE-2026-20262)
Vulnerability
H score24
First: 15.06.2026 20:12
Last: 15.06.2026 20:12
Sources 1
About this happening:
**Cisco Catalyst SD-WAN Manager** was patched for **CVE-2026-20262** after attackers used it to **create or overwrite files** and **escalate to root** across **all deployment type...
Cisco Catalyst SD-WAN Manager actively exploited file upload overwrite flaw (CVE-2026-20262)
VulnerabilityAbout this happening: **Cisco Catalyst SD-WAN Manager** was patched for **CVE-2026-20262** after attackers used it to **create or overwrite files** and **escalate to root** across **all deployment type...
Palo Alto Networks GlobalProtect log search guidance for CVE-2026-0257
Advisory/Mitigation
H score35
First: 15.06.2026 09:17
Last: 15.06.2026 09:17
Sources 1
About this happening:
Palo Alto Networks is urging **GlobalProtect** customers to search logs for **successful gateway-connected events** tied to **CVE-2026-0257**, a step that can expose possible unau...
Palo Alto Networks GlobalProtect log search guidance for CVE-2026-0257
Advisory/MitigationAbout this happening: Palo Alto Networks is urging **GlobalProtect** customers to search logs for **successful gateway-connected events** tied to **CVE-2026-0257**, a step that can expose possible unau...
Timeline
-
14.05.2026 23:25 1 articles · 1mo ago
Cisco releases a patch for CVE-2026-20182
Mitigation Patch UpdateCisco released a patch for CVE-2026-20182, giving organizations using Cisco Catalyst SD-WAN Controllers a way to block the authentication bypass before UAT-8616 can continue using it for administrative access, SSH key insertion, NETCONF changes, and root escalation.
Show sources
- Maximum Severity Cisco SD-WAN Bug Exploited in the Wild — www.darkreading.com — 14.05.2026 23:25
-
14.05.2026 23:09 3 articles · 1mo ago
Cisco warns on CVE-2026-20182 and response actions
Initial DisclosureCisco warned that CVE-2026-20182 is a critical authentication bypass in Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager that was being actively exploited in zero-day attacks and could grant administrative privileges, access NETCONF, and allow manipulation of SD-WAN network configuration. Cisco said security updates are available and that upgrading to a fixed software release is the only full remediation, while CISA added the flaw to the Known Exploited Vulnerabilities Catalog and ordered federal agencies to patch affected devices by May 17, 2026.
Show sources
- Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks — www.bleepingcomputer.com — 14.05.2026 23:09
- Maximum Severity Cisco SD-WAN Bug Exploited in the Wild — www.darkreading.com — 14.05.2026 23:25
- CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits — thehackernews.com — 15.05.2026 08:28
-
14.05.2026 23:09 3 articles · 1mo ago
Cisco warns on CVE-2026-20182 and response actions
Initial DisclosureCisco warned that CVE-2026-20182 is a critical authentication bypass in Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager that was being actively exploited in zero-day attacks and could grant administrative privileges, access NETCONF, and allow manipulation of SD-WAN network configuration. Cisco said security updates are available and that upgrading to a fixed software release is the only full remediation, while CISA added the flaw to the Known Exploited Vulnerabilities Catalog and ordered federal agencies to patch affected devices by May 17, 2026.
Show sources
- Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks — www.bleepingcomputer.com — 14.05.2026 23:09
- Maximum Severity Cisco SD-WAN Bug Exploited in the Wild — www.darkreading.com — 14.05.2026 23:25
- CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits — thehackernews.com — 15.05.2026 08:28