www.rapid7.com
Critical Zero-Day Vulnerability CVE-2026-20182 Exploited in Cisco SD-WAN Systems
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Cisco has disclosed a critical authentication bypass vulnerability, CVE-2026-20182, affecting its Catalyst SD-WAN Controller and Manager. This flaw allows unauthenticated remote attackers to bypass authentication and gain administrative privileges, enabling manipulation of network configurations. The vulnerability has a CVSS score of 10.0 and is actively exploited in the wild by a threat actor known as UAT-8616, who previously exploited a similar vulnerability, CVE-2026-20127. Cisco became aware of the exploitation in May 2026 and has released patches to address the issue. Organizations are urged to apply these updates immediately, as there are no effective workarounds. The vulnerability impacts all deployment types of the Cisco Catalyst SD-WAN, including cloud and on-premises solutions. Security advisories have been issued to monitor for unauthorized access attempts.
Key Points: • CVE-2026-20182 is a critical authentication bypass vulnerability with a CVSS score of 10.0. • The vulnerability allows unauthenticated attackers to gain administrative access to Cisco SD-WAN systems. • Active exploitation is linked to the threat actor UAT-8616, who previously exploited similar vulnerabilities.