Critical Zero-Day Vulnerability CVE-2026-20182 Exploited in Cisco SD-WAN Systems

Critical Zero-Day Vulnerability CVE-2026-20182 Exploited in Cisco SD-WAN Systems

First seen 14 May 2026, 16:43 UTC Blog.TalosintelligenceSecurityaffairs.CoBleepingcomputerDarkreadingwww.rapid7.com+50 87% similarity 87.2

Article Content

Browse articles
ThreatCluster

Cisco has disclosed a critical authentication bypass vulnerability, CVE-2026-20182, affecting its Catalyst SD-WAN Controller and Manager. This flaw allows unauthenticated remote attackers to bypass authentication and gain administrative privileges, enabling manipulation of network configurations. The vulnerability has a CVSS score of 10.0 and is actively exploited in the wild by a threat actor known as UAT-8616, who previously exploited a similar vulnerability, CVE-2026-20127. Cisco became aware of the exploitation in May 2026 and has released patches to address the issue. Organizations are urged to apply these updates immediately, as there are no effective workarounds. The vulnerability impacts all deployment types of the Cisco Catalyst SD-WAN, including cloud and on-premises solutions. Security advisories have been issued to monitor for unauthorized access attempts.

Key Points: • CVE-2026-20182 is a critical authentication bypass vulnerability with a CVSS score of 10.0. • The vulnerability allows unauthenticated attackers to gain administrative access to Cisco SD-WAN systems. • Active exploitation is linked to the threat actor UAT-8616, who previously exploited similar vulnerabilities.

ThreatCluster AI

Timeline

2022-09-30
CVE-2022-20775 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-02-25
CVE-2026-20127 published
Cisco disclosed CVE-2026-20127, a critical authentication bypass vulnerability, which was actively exploited.
Tenable
2026-02-25
CVE-2026-20128 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-02-25
CVE-2026-20133 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-02-25
CVE-2026-20122 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-05-14
CVE-2026-20182 published
Cisco announced CVE-2026-20182, a new critical vulnerability discovered during investigations into CVE-2026-20127.
Rapid7
2026-05-14
CVE-2026-20182 added to CISA KEV
CISA added CVE-2026-20182 to its Known Exploited Vulnerabilities catalog due to active exploitation.
BleepingComputer
2026-05-15
Cisco urges immediate patching
Cisco advised organizations to apply patches for CVE-2026-20182 immediately to mitigate risks from exploitation.
CSO Online

Community

Browse all →