Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access

Cisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller that it said has been exploited in limited attacks.

The vulnerability, tracked as CVE-2026-20182, carries a CVSS score of 10.0.

"A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system," Cisco said.

The networking equipment major said the flaw stems from a malfunction of the peering authentication mechanism, which an attacker could exploit by sending crafted requests to the affected system.

A successful exploit could permit the attacker to log in to the Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account, and then weaponize it to access NETCONF and manipulate network configuration for the SD-WAN fabric..

Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access

Other newsrooms on this story

Related reading

Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks

CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits

Maximum Severity Cisco SD-WAN Bug Exploited in the Wild

Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution

Emergency Cisco Critical 0Day Update—Attackers Downgrade Security

PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage