Alerts
Active Exploitation of Critical Vulnerability in Cisco Catalyst SD-WAN
15 May 2026
Cisco has released security updates to address a critical vulnerability in Cisco Catalyst SD-WAN Controller. Users and administrators of affected products are advised to update to the latest versions immediately.
Background
Cisco has released security updates to address a critical authentication bypass vulnerability (CVE-2026-20182) affecting Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager. This vulnerability has a Common Vulnerability Scoring System (CVSS v3.1) score of 10.0 out of 10.
Impact
Due to the peering authentication mechanism in the control connection handshake not functioning properly, an unauthenticated remote attacker could send crafted requests to bypass authentication and gain administrative privileges on the affected system, enabling the attacker to access NETCONF and manipulate network configuration for the entire SD-WAN fabric.
Known Exploitation
This vulnerability is being actively exploited in the wild.
Affected Products
This vulnerability affects Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager, regardless of device configuration.
This vulnerability affects all deployment types, including:
On-Prem Deployment
Cisco SD-WAN Cloud-Pro
Cisco SD-WAN Cloud (Cisco Managed)
Cisco SD-WAN for Government (FedRAMP)
This vulnerability affects the following Cisco Catalyst SD-WAN versions:
All releases earlier than 20.9
Release 20.9
Release 20.10
Release 20.11
Release 20.12
Release 20.13
Release 20.14
Release 20.15
Release 20.16
Release 20.18
Release 26.1
Mitigation
Users and administrators of affected products are advised to update to the latest versions immediately.
References