Active Exploitation of Critical Vulnerability in Cisco Catalyst SD-WAN - Cyber Security Agency of Singapore

Home Alerts & Advisories Alerts Active Exploitation of Critical Vulnerability in Cisco Catalyst SD-WAN Alerts Active Exploitation of Critical Vulnerability in Cisco Catalyst SD-WAN 15 May 2026 Cisco has released security updates to address a critical vulnerability in Cisco Catalyst SD-WAN Controller. Users and administrators of affected products are advised to update to the latest versions immediately. Background Cisco has released security updates to address a critical authentication bypass vulnerability (CVE-2026-20182) affecting Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager. This vulnerability has a Common Vulnerability Scoring System (CVSS v3.1) score of 10.0 out of 10. Impact Due to the peering authentication mechanism in the control connection handshake not functioning properly, an unauthenticated remote attacker could send crafted requests to bypass authentication and gain administrative privileges on the affected system, enabling the attacker to access NETCONF and manipulate network configuration for the entire SD-WAN fabric. Known Exploitation This vulnerability is being actively exploited in the wild. Affected Products This vulnerability affects Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager, regardless of device configuration. This vulnerability affects all deployment types, including: On-Prem Deployment Cisco SD-WAN Cloud-Pro Cisco SD-WAN Cloud (Cisco Managed) Cisco SD-WAN for Government (FedRAMP) This vulnerability affects the following Cisco Catalyst SD-WAN versions: All releases earlier than 20.9 Release 20.9 Release 20.10 Release 20.11 Release 20.12 Release 20.13 Release 20.14 Release 20.15 Release 20.16 Release 20.18 Release 26.1 Mitigation Users and administrators of affected products are advised to update to the latest versions immediately. References https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa2-v69WY2SW https://nvd.nist.gov/vuln/detail/CVE-2026-20182 https://www.bleepingcomputer.com/news/security/cisco-warns-of-new-critical-sd-wan-flaw-exploited-in-zero-day-attacks Back to top