The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a flaw in Cisco Catalyst SD-WAN to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, tracked as CVE-2026-20182, carries a CVSS score of 10.0 and affects the SD-WAN Controller (vSmart) and Manager (vManage). An unauthenticated remote attacker can send crafted requests to bypass authentication, which could allow them to gain administrative access, use NETCONF, and alter SD-WAN fabric configurations.
Cisco fixed the flaw, and in May 2026 Cisco PSIRT reported limited real-world exploitation while urging customers to upgrade to fixed software. Rapid7 described the flaw as a new authentication bypass in the same area of the vdaemon networking stack as CVE-2026-20127, noting that the attacker can impersonate a trusted peer and perform privileged operations.
According to Cisco’s advisory, the issue originates from a peering authentication failure that could allow login to an affected system as an internal high-privileged account. CISA also requires agencies to address the vulnerability by the due date, and private organisations are advised to review the KEV catalog.