Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability (CVE-2026-20182)

Summary of Authentication Bypass Vulnerability in Cisco Catalyst SD-WAN Controller Vulnerability Overview Vulnerability Name: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability CVE ID: CVE-2026-20182 CVSS Score: 10.0 (Critical) Release Date: May 14, 2026 Vulnerability Description: A defect exists in the peering authentication mechanism of the Cisco Catalyst SD-WAN Controller (formerly SD-WAN vSmart) and the Cisco Catalyst SD-WAN Manager (formerly vManage). An attacker can bypass authentication by sending forged requests to the affected system, allowing them to log in as an internal, high-privileged non-root user. Using this account, an attacker can access NETCONF to manipulate the configuration of the SD-WAN network. Exploitation Status: In May 2026, Cisco identified limited exploitation of this vulnerability. Affected Scope Affected Products: Cisco Catalyst SD-WAN Controller Cisco Catalyst SD-WAN Manager Affected Deployment Types: On-Prem Deployment Cisco SD-WAN Cloud-Pro Cisco SD-WAN Cloud (Cisco Managed) Cisco SD-WAN for Government (FedRAMP) Remediation Cisco has released software updates to address this vulnerability. Customers are advised to upgrade to the following fixed software versions: Note: Versions 20.11 and 20.13 have reached End of Software Maintenance (EoS). Cisco strongly recommends customers upgrade to a supported version. Additional Key Information Workarounds: None. Forensic Recommendations: Before upgrading, customers are advised to issue the command from each SD-WAN component to preserve potential indicators of compromise (IOCs). Check the file for entries containing originating from unknown or unauthorized IP addresses. * Validate the legitimacy of peering events, including timestamps, IP addresses, peer types, and other relevant details.

Goal Reached Thanks to every supporter — we hit 100%!

Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability (CVE-2026-20182)