CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
CISA added Cisco Catalyst SD-WAN auth-bypass CVE-2026-20182 (CVSS 10.0) to its KEV catalog after UAT-8616 admin-access exploits. FCEB agencies required to patch by May 17, 2026.
What’s new: CISA has added CVE-2026-20182, a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability allows unauthenticated remote attackers to gain administrative access. It has a CVSS score of 10.0, indicating maximum severity. Federal Civilian Executive Branch agencies are required to remediate this issue by May 17, 2026.
Who’s affected
Organizations using Cisco Catalyst SD-WAN Controller and Manager are at risk due to this vulnerability. Active exploitation has been linked to a threat actor group identified as UAT-8616, which has been observed performing post-compromise actions on affected systems.
What to do
- Remediate CVE-2026-20182 by the deadline of May 17, 2026, as mandated by CISA.
- Follow Cisco’s guidance and advisories for mitigating this vulnerability and related threats.
- Monitor for signs of exploitation and unauthorized access in your Cisco SD-WAN environments.
