Key Points
- CVE-2026-20182: Critical flaw in Cisco Catalyst SD-WAN Controller and Manager, actively exploited.
- CVSS 10.0 severity allows unauthenticated attackers to bypass authentication and gain admin control.
- Apply software updates immediately; no workarounds exist.
What is changing
Network World reports that Cisco has issued a security advisory for CVE-2026-20182, an authentication bypass vulnerability in Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Catalyst SD-WAN Manager, formerly SD-WAN vManage. The flaw stems from improper validation in peering authentication during control connection establishment, allowing attackers to bypass authentication, obtain admin privileges, and manipulate network configurations via NETCONF.
Fixed in software updates for versions 20.9 through 26.1.1, the vulnerability has no workarounds. Discovered by Rapid7 researchers, it has been exploited since May 2026, requiring urgent patching.
Why it matters
This flaw is critical for organizations using Cisco SD-WAN. The max-severity CVSS 10.0 rating and active exploitation pose a high risk of system compromise and network disruption, with CISA adding it to its known exploited vulnerabilities catalog.
IT administrators should apply patches without delay and audit control peering relationships using commands like “show control connections” to detect malicious peers. The impact is extensive due to the vulnerability’s configuration-independent nature, affecting all deployments.
Have you deployed Cisco SD-WAN? Share your patching experience or thoughts in the comments.