CVE-2026-20182

critical KEV
Published 2026-05-14 · Modified 2026-05-14
CVSS v3
10.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS v2
VIR risk
10.0

Description

Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.

CISA KEV

Vendor
Cisco
Product
Catalyst SD-WAN
Due date
2026-05-17

Predictions

Exploit likelihood
99%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory (cisa-kev), CISA Mitigation Instructions:
https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems
https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa2-v69WY2SW
https://nvd.nist.gov/vuln/detail/CVE-2026-20182

vendor Authored 2026-05-27

Vendor advisory: psirt@cisco.com — https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa2-v69WY2SW

Exploits

Application impact

Vendor  Product  Versions  Fixed
cisco  catalyst_sd-wan_manager  {"endExcluding":"20.9.9.1"}  20.9.9.1
cisco  catalyst_sd-wan_manager  20.12.7
cisco  sd-wan_vsmart_controller  {"endExcluding":"20.9.9.1"}  20.9.9.1
cisco  sd-wan_vsmart_controller  20.12.7

References

CWEs

CWE-287
