The Known Exploited Vulnerabilities (KEV) catalog lists CVE-2026-20182, described as a Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability that lets an unauthenticated, remote attacker bypass authentication and obtain administrative privileges on an affected system. The entry lists CWE-287 as the related weakness and gives its use in ransomware campaigns as unknown. It was added on 14 May 2026 with a due date of 17 May 2026.
The entry's additional notes point to mitigation guidance in CISA directives and to hunting and hardening guidance for Cisco SD-WAN devices, and link to the Cisco security advisory and the NIST CVE detail page. According to CISA, organisations should assess exposure and mitigate risks for Cisco SD-WAN devices and follow the directive and guidance referenced in the KEV entry. Subscribe to KEV updates to stay informed about the latest known exploited vulnerabilities.