CVE-2026-20182
Coverage of CVE-2026-20182 in the Nexus archive.
- Cisco customers encounter another SD-WAN zero-day under attack
Cisco customers are facing another actively exploited zero-day vulnerability (CVE-2026-20245) in its SD-WAN management software, marking the seventh such exploit this year. The flaw allows authenticated attackers to execute commands as root, but Cisco warns no patch or workaround is currently available, and exploitation requires existing credentials or prior vulnerabilities.
- Yet another Cisco SD-WAN 0-day under attack, and no patch in sight
Cisco's SD-WAN management software is under attack due to a high-severity zero-day vulnerability (CVE-2026-20245), which allows authenticated attackers to escalate privileges and execute commands. Cisco has not yet released a patch, and this is the sixth SD-WAN vulnerability exploited since the year began.
- Cisco zero-day under ongoing attack by persistent threat group
Cisco is under attack by a persistent threat group exploiting a zero-day vulnerability in its Catalyst SD-WAN Controller and Manager, with a CVSS rating of 10. The vulnerability, CVE-2026-20182, allows attackers to bypass authentication and gain administrative access. Cisco has released a patch for the vulnerability.
- Patch time for Cisco SD-WAN admins as vendor drops yet another make-me-admin zero-day
Cisco admins must patch a max-severity make-me-admin bug affecting Catalyst SD-WAN Controller and Manager, which allows unauthenticated remote attackers to gain admin privileges. The vulnerability, CVE-2026-20182, has been exploited as a zero-day and was added to the Known Exploited Vulnerabilities catalog. Cisco strongly recommends applying available fixes.
- CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
CISA has added CVE-2026-20182, a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller, to its Known Exploited Vulnerabilities catalog. Federal Civilian Executive Branch agencies are required to remediate the vulnerability by May 17, 2026.
- Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks
Cisco has warned of a critical flaw in its Catalyst SD-WAN Controller that is being exploited in zero-day attacks, allowing attackers to gain administrative privileges on compromised devices. The flaw, tracked as CVE-2026-20182, is an authentication bypass vulnerability. Cisco is warning users to take immediate action to protect their devices.
- Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access
Cisco released updates to address a severe authentication bypass flaw in Catalyst SD-WAN Controller, which has been exploited in limited attacks, carrying a CVSS score of 10.0. The vulnerability is tracked as CVE-2026-20182 and affects Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager.