CISA Orders Immediate Cisco SD-WAN Security Fix

Authentication bypass vulnerability in Catalyst SD-WAN gives attackers administrative access, with three-day federal deadline

Summary

  • CISA added CVE-2026-20182 to its Known Exploited Vulnerabilities catalog, affecting Cisco Catalyst SD-WAN Controller and Manager
  • Vulnerability allows unauthenticated remote attackers to bypass authentication and gain administrative privileges
  • Federal agencies must implement mitigations by 17 May 2026 under Emergency Directive 26-03

CISA has added CVE-2026-20182 to its Known Exploited Vulnerabilities catalog, identifying a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Manager systems.

The vulnerability allows unauthenticated, remote attackers to bypass authentication mechanisms and obtain administrative privileges on affected systems, according to CISA’s KEV catalog entry.

Federal Response

Federal agencies face a tight deadline to address this vulnerability. CISA has issued Emergency Directive 26-03 specifically targeting Cisco SD-WAN systems, requiring agencies to assess their exposure and implement mitigations by 17 May 2026.

The directive includes supplemental hunt and hardening guidance for Cisco SD-WAN devices. Agencies must either implement available mitigations or discontinue use of affected products if fixes are unavailable.

Technical Details

The vulnerability affects Cisco Catalyst SD-WAN Controller and Manager components. Technical details are available through Cisco’s security advisory and the National Vulnerability Database.

CISA’s action follows its Binding Operational Directive 22-01, which requires federal agencies to remediate known exploited vulnerabilities within specified timeframes.

Why It Matters

This vulnerability represents a significant risk for organisations using Cisco SD-WAN infrastructure, particularly given the administrative access it grants to attackers. The three-day federal remediation deadline suggests active exploitation or high confidence in imminent threats.

For CISOs, this incident highlights the critical importance of SD-WAN security monitoring and the need for rapid response capabilities when authentication bypass vulnerabilities emerge in network infrastructure.

What To Do Now

  • Assess exposure to Cisco Catalyst SD-WAN Controller and Manager systems in your environment
  • Review CISA’s Emergency Directive 26-03 mitigation guidelines and hunt and hardening guidance
  • Implement available mitigations or discontinue use if fixes are not available
  • Monitor Cisco’s security advisory for updated remediation guidance
