CVE-2026-20182: Cisco Catalyst SD-WAN Controller Authentication Bypass

Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability. Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.

• CISA KEV-listed (remediation due 2026-05-17)
• EPSS 83.8% (99.3% percentile)

Related briefings

• Hackers Break Into Unpatched Cisco SD-WAN Devices to Plant Webshells 2026-06-06

Browse the CVE database

Read the full analysis on IntelFusions