CVE-2026-20182: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
CVE-2026-20182 is a Severity not scored in source feed flaw in Cisco Catalyst SD-WAN. Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. It is listed in the CISA Known Exploited Vulnerabilities catalog (added 2026-05-14), meaning it is being actively exploited. The fix: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
Source: CISA Known Exploited Vulnerabilities Catalog. Data as of 2026-06-13.
Vulnerability details
| Field | Value |
|---|---|
| CVE ID | CVE-2026-20182 |
| Vulnerability | Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability |
| Vendor / product | Cisco — Catalyst SD-WAN |
| CVSS base score | Not in source feed |
| Severity | — |
| Weakness (CWE) | CWE-287 |
| Added to CISA KEV | 2026-05-14 |
| CISA remediation due | 2026-05-17 |
| Known ransomware use | Unknown |
Source: CISA Known Exploited Vulnerabilities Catalog. Data as of 2026-06-13.
What is the risk?
Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.
How to remediate CVE-2026-20182
Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
U.S. federal civilian agencies were required to remediate this vulnerability by 2026-05-17 under CISA Binding Operational Directive 22-01. Private organizations should treat it with comparable urgency.
References
Frequently asked questions
What is CVE-2026-20182?
CVE-2026-20182 is a vulnerability in Cisco Catalyst SD-WAN: Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.
How severe is CVE-2026-20182?
The CISA KEV catalog does not publish a CVSS base score for this entry. Check the NVD record for the official score. Its presence in the KEV catalog means it is confirmed to be exploited in the wild.
Is CVE-2026-20182 being exploited in the wild?
Yes. It appears in the CISA Known Exploited Vulnerabilities (KEV) catalog, which only lists vulnerabilities with reliable evidence of active exploitation. It was added on 2026-05-14.
How do I fix CVE-2026-20182?
Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
Related vulnerabilities
- CVE-2026-20245: Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability
- CVE-2009-3459: Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability
- CVE-2025-48595: Android Framework Integer Overflow Vulnerability
- CVE-2026-7473: Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability
Last updated: 2026-06-13