Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access

2026-05-14

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

Cisco released updates for CVE-2026-20182, a critical authentication bypass vulnerability (CVSS 10.0) in Catalyst SD-WAN Controller that is actively being exploited.

•CVE-2026-20182 affects the vdaemon service over DTLS (UDP port 12346), allowing unauthenticated remote attackers to bypass authentication
•Successful exploitation allows attackers to log in as a high-privileged vmanage-admin account and access NETCONF
•Attackers can manipulate network configuration for the SD-WAN fabric
•The vulnerability is similar to CVE-2026-20127 (CVSS 10.0), another authentication bypass in the same component exploited since 2023
•Limited exploitation was confirmed in May 2026; Cisco urges immediate patching for internet-exposed systems

Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

Building a safe, effective sandbox to enable Codex on Windows

Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets

ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories

Cloud CISO Perspectives: How Google + Wiz changes multicloud strategy for CISOs