Maximum-severity vulnerability CVE-2026-20182 with CVSS 10.0 score has been exploited in limited attacks.
- Cisco patched CVE-2026-20182, a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller
- The vulnerability carries a CVSS score of 10.0 and has been exploited in limited attacks
- Flaw affects peering authentication in SD-WAN Controller and SD-WAN Manager products
Cisco has released security updates to address a critical authentication bypass vulnerability in its Catalyst SD-WAN Controller that attackers have already exploited in limited attacks.
The vulnerability, designated CVE-2026-20182, carries the maximum Common Vulnerability Scoring System (CVSS) score of 10.0. It affects the peering authentication mechanism in Cisco Catalyst SD-WAN Controller, formerly known as SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager.
According to Cisco’s advisory, the flaw enables attackers to bypass authentication controls and potentially gain administrative access to affected systems. The networking giant confirmed that the vulnerability has been exploited in real-world attacks, though it characterised the exploitation as limited in scope.
The authentication bypass affects the peering authentication process, a critical security mechanism that validates communications between SD-WAN components. When successfully exploited, attackers could potentially compromise the entire SD-WAN infrastructure managed by the affected controller.
Cisco has made software updates available to remediate the vulnerability. The company has not disclosed specific details about the attack methods or the extent of the limited exploitation incidents.
SD-WAN technologies have become increasingly critical for enterprise network infrastructure, particularly as organisations rely on these systems to manage distributed network connections and remote work capabilities.
Why It Matters
This vulnerability presents significant risk to CISOs managing SD-WAN deployments. A CVSS 10.0 authentication bypass in network control infrastructure could enable attackers to gain administrative control over entire SD-WAN environments, potentially compromising network segmentation, traffic routing, and security policies across distributed enterprise locations.
The confirmed exploitation activity elevates this from a theoretical risk to an active threat requiring immediate board-level attention and emergency patching protocols.
What To Do Now
- Immediately inventory all Cisco Catalyst SD-WAN Controller and SD-WAN Manager deployments in your environment
- Apply Cisco’s security updates as emergency maintenance
- Review SD-WAN access logs for signs of unauthorised administrative access
- Implement additional monitoring on SD-WAN management interfaces until patching is complete
