CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits

2026-05-15

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

CISA added CVE-2026-20182, a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller rated 10.0 CVSS, to its Known Exploited Vulnerabilities catalog requiring federal remediation by May 17, 2026.

•Threat cluster UAT-8616 actively exploits the flaw to gain administrative privileges and perform post-compromise actions including SSH key injection and privilege escalation
•At least 10 different threat clusters exploit chained vulnerabilities to gain unauthorized device access
•Attackers deploy web shells (Godzilla, Behinder, XenShell) and C2 frameworks (Sliver, AdaptixC2) via publicly available PoC exploit code
•Secondary payloads target credential theft including admin hashdumps, JWT key chunks, and AWS credentials for vManage access

This summary was automatically generated by AI based on the original article and may not be fully accurate.

CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface

Cloud CISO Perspectives: How to build an AI-ready security program for the public sector

Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks