CISCO Security Advisory
Published Date: May 27, 2026
CVE: CVE-2026-20182
Advisory Summary
â—† Critical Vulnerability in Cisco Catalyst SD-WAN Controller Authentication Exposes Networks to Remote Takeover â—†
Cisco has issued an urgent security advisory regarding a newly discovered critical vulnerability (CVE-2026-20182) affecting its Catalyst SD-WAN Controller and Manager platforms—previously known as SD-WAN vSmart and vManage respectively. This flaw resides in the peering authentication process during control connection handshaking, allowing unauthenticated remote attackers to bypass authentication mechanisms and gain administrative-level access to impacted systems.
By exploiting crafted requests, an attacker can log in as a privileged internal user (non-root) and leverage NETCONF access to manipulate SD-WAN network configurations across the fabric. The implication is severe: unauthorized full control over the SD-WAN environment’s routing and policies, which can lead to data interception or network disruption.
Cisco emphasizes that no workaround exists, and immediate application of the released software patches is mandatory. To prepare for an upgrade, administrators should first execute the “request admin-tech” command on all control components to capture vital Indicators of Compromise (IoCs). Retaining and analyzing logs before and after patching is critical to detect any system compromise. If an intrusion is confirmed, simply upgrading will be insufficient—affected customers must engage Cisco TAC for comprehensive remediation.
This incident highlights the growing complexity and risk inherent in SD-WAN infrastructures, underscoring the necessity for vigilant monitoring, timely patch management, and rigorous security practices.
Stay proactive: verify control connections, secure deployment components, and apply updates without delay.
â–¶
-WAN -2026-20182
Reference: Vendor Advisory