Authentication Bypass in Cisco Catalyst SD-WAN Controller and Manager
CVE-2026-20182
Key Information:
- Vendor
Cisco
- Vendor
- CVE Published:
- 14 May 2026
Badges
What is CVE-2026-20182?
A vulnerability in the peering authentication of Cisco Catalyst SD-WAN Controller and Manager enables remote attackers to bypass authentication and gain administrative privileges. The flaw arises from an ineffective peering authentication mechanism, allowing crafted requests to compromise the system. Successful exploitation could give an attacker access as a high-privileged, non-root user, enabling control over network configurations via NETCONF. This could severely impact the security and integrity of the SD-WAN infrastructure.
Affected Version(s)
Cisco Catalyst SD-WAN Manager 20.1.12
Cisco Catalyst SD-WAN Manager 19.2.1
Cisco Catalyst SD-WAN Manager 18.4.4
News Articles
Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks
Cisco is warning that a critical Catalyst SD-WAN Controller authentication bypass flaw, tracked as CVE-2026-20182, was actively exploited in zero-day attacks that allowed attackers to gain administrative privileges on compromised devices.
31 minutes ago
The Hacker NewsCVE-2026-20182Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access
CVE-2026-20182 bypasses Cisco SD-WAN auth via DTLS port 12346, enabling admin access after May 2026 exploitation.
2 hours ago
References
CVSS V3.1
Timeline
- ๐พ
Exploit known to exist
- ๐ฐ
First article discovered by The Hacker News
Vulnerability published
Vulnerability Reserved