CISA KEV remediation order for Cisco Catalyst SD-WAN Controller CVE-2026-20182
Public Sector Action
Summary
Hide ▲
Show ▼
CISA added CVE-2026-20182 to the KEV catalog and ordered Federal Civilian Executive Branch agencies to remediate Cisco Catalyst SD-WAN Controller by May 17, 2026, turning the flaw into a federal remediation priority because it is tied to active abuse. The move puts a concrete deadline on federal response and raises urgency around affected Cisco SD-WAN environments. It also reinforces the operational significance of the vulnerability for government networks.
Cases
Related Happenings
CISA adds CVE-2026-20262 to KEV and orders federal fixes
Public Sector Action
H score32
First: 16.06.2026 09:05
Last: 16.06.2026 09:05
Sources 1
About this happening:
**CISA** added **CVE-2026-20262** to its **Known Exploited Vulnerabilities (KEV) catalog** and required **Federal Civilian Executive Branch (FCEB)** agencies to apply Cisco's fixe...
CISA adds CVE-2026-20262 to KEV and orders federal fixes
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-20262** to its **Known Exploited Vulnerabilities (KEV) catalog** and required **Federal Civilian Executive Branch (FCEB)** agencies to apply Cisco's fixe...
CISA KEV update and FCEB remediation deadline
Public Sector Action
H score33
First: 10.06.2026 17:44
Last: 10.06.2026 17:44
Sources 1
About this happening:
**CISA** added **three actively exploited vulnerabilities** to the **KEV catalog** and ordered **Federal Civilian Executive Branch agencies** to remediate by **June 23, 2026**. Th...
CISA KEV update and FCEB remediation deadline
Public Sector ActionAbout this happening: **CISA** added **three actively exploited vulnerabilities** to the **KEV catalog** and ordered **Federal Civilian Executive Branch agencies** to remediate by **June 23, 2026**. Th...
CISA BOD 26-04 prioritizes vulnerability remediation for federal civilian agencies
Public Sector Action
H score27
First: 10.06.2026 15:00
Last: 10.06.2026 15:00
Sources 1
About this happening:
**CISA** issued **Binding Operational Directive 26-04** to require **federal civilian agencies** to prioritize vulnerability remediation using **Asset Exposure**, **KEV Status**,...
CISA BOD 26-04 prioritizes vulnerability remediation for federal civilian agencies
Public Sector ActionAbout this happening: **CISA** issued **Binding Operational Directive 26-04** to require **federal civilian agencies** to prioritize vulnerability remediation using **Asset Exposure**, **KEV Status**,...
Cisco Catalyst SD-WAN Manager root privilege escalation flaw (CVE-2026-20245)
Vulnerability
H score60
First: 05.06.2026 09:24
Last: 05.06.2026 09:24
Sources 1
About this happening:
**CVE-2026-20245** in **Cisco Catalyst SD-WAN Manager** is an **actively exploited** **high-severity** vulnerability that can let an **authenticated local attacker** with **netadm...
Cisco Catalyst SD-WAN Manager root privilege escalation flaw (CVE-2026-20245)
VulnerabilityAbout this happening: **CVE-2026-20245** in **Cisco Catalyst SD-WAN Manager** is an **actively exploited** **high-severity** vulnerability that can let an **authenticated local attacker** with **netadm...
Latest development: 06.06.2026 07:19
Cisco warned that CVE-2026-20245 in Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, is under active exploitation and can let an authenticated local attacker with netadmin privileges upload a crafted file to execute arbitrary commands as root. Cisco said the flaw affects On-Prem Deployment, Cisco SD-WAN Cloud-Pro, Cisco SD-WAN Cloud (Cisco Managed), and Cisco SD-WAN for Government (FedRAMP), that limited exploitation has already resulted in configuration changes pushed to edge devices, and that no patches or mitigations are currently available. Cisco also advised checking /var/log/scripts.log for indicators of compromise and credited Google Mandiant researchers Chester Sng, Pete Boonyakarn, and Logeswaran Nadarajan with discovering and reporting the issue.
Cisco Catalyst SD-WAN authentication bypass flaw actively exploited (CVE-2026-20182)
Vulnerability
H score60
First: 14.05.2026 23:09
Last: 14.05.2026 23:09
Sources 1
How related:
The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate the issue by May 17, 2026.
About this happening:
**CVE-2026-20182** is an actively exploited **authentication bypass** in **Cisco Catalyst SD-WAN Controller** and **Cisco Catalyst SD-WAN Manager**, creating a path to **administr...
Cisco Catalyst SD-WAN authentication bypass flaw actively exploited (CVE-2026-20182)
VulnerabilityHow related: The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate the issue by May 17, 2026.
About this happening: **CVE-2026-20182** is an actively exploited **authentication bypass** in **Cisco Catalyst SD-WAN Controller** and **Cisco Catalyst SD-WAN Manager**, creating a path to **administr...
Latest development: 14.05.2026 23:25
Cisco released a patch for CVE-2026-20182, giving organizations using Cisco Catalyst SD-WAN Controllers a way to block the authentication bypass before UAT-8616 can continue using it for administrative access, SSH key insertion, NETCONF changes, and root escalation.
Timeline
-
15.05.2026 08:28 2 articles · 1mo ago
CISA adds CVE-2026-20182 to the KEV catalog
Legal Policy Action UpdateCISA added CVE-2026-20182, a critical authentication bypass in Cisco Catalyst SD-WAN Controller and Manager that can let a remote unauthenticated attacker obtain administrative privileges, to the KEV catalog and required Federal Civilian Executive Branch agencies to remediate the vulnerability by May 17, 2026.
Show sources
- CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits — thehackernews.com — 15.05.2026 08:28
- CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits — thehackernews.com — 15.05.2026 08:28
-
15.05.2026 08:28 1 articles · 1mo ago
Cisco attributes active exploitation to UAT-8616
Attribution UpdateCisco attributed active exploitation of CVE-2026-20182 with high confidence to UAT-8616, the same cluster linked to CVE-2026-20127, and said the actor attempted to add SSH keys, modify NETCONF configurations, and escalate to root privileges after compromise.
Show sources
- CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits — thehackernews.com — 15.05.2026 08:28