Cisco Security Advisory
Published Date: May 14, 2026
CVE: CVE-2026-20182
Advisory Summary
➤⚠️ Critical Security Vulnerability in Cisco Catalyst SD-WAN Controller
Cisco has disclosed and patched a critical authentication bypass vulnerability (CVE-2026-20182) affecting the Cisco Catalyst SD-WAN Controller and Manager platforms, previously known as SD-WAN vSmart and vManage. The flaw affects the peering authentication mechanism used during the control connection handshake, enabling an unauthenticated remote attacker to bypass authentication and gain administrative privileges.
The exploitable weakness permits attackers to log in as a high-privileged, non-root internal user, granting access to NETCONF interfaces. Consequently, attackers could manipulate the network configuration of the SD-WAN fabric, risking the integrity and security of the entire SD-WAN deployment.
⚠️ There are no interim workarounds available. Cisco urges all customers to preserve potential indicators of compromise by running the request admin-tech command on every SD-WAN control component before applying the urgent software update. This step is vital for collecting diagnostic data before systems are upgraded.
Cisco's patch release resolves the issue, but immediate action is recommended for all users of affected SD-WAN equipment to mitigate exposure to potentially damaging attacks.
- Impact: Unauthorized administrative access leading to network fabric configuration manipulation.
- Affected Products: Cisco Catalyst SD-WAN Controller and Manager.
- Mitigation: Deploy Cisco’s updated software; no temporary workaround.
- Pre-Upgrade Action: Execute the request admin-tech command to preserve forensic data.
- Severity: Critical
For infrastructure and network security professionals managing SD-WAN environments, prompt prioritization of this update is essential to maintain operational security and resilience.
Reference: Vendor Advisory