LeakyCreds
NewInstant webhook alerts now available — notified within seconds of any credential detection.Learn more →
Home / Vulnerability Intelligence / CVE-2026-20182

CVE-2026-20182 - Vulnerability Analysis

CriticalCVSS: 10.0

Last Updated: May 14, 2026

Cisco Catalyst SD-WAN Controller & Manager - Authentication Bypass

Published: May 14, 2026Updated: May 14, 2026KEVRemote Exploitable

Overview

Cisco Catalyst SD-WAN Controller and Manager contain an authentication bypass caused by improper peering authentication mechanism, letting unauthenticated remote attackers obtain administrative privileges, exploit requires sending crafted requests.

Severity & Score

Severity: Critical
CVSS Score: 10.0
EPSS Score: 0.0%(Probability of exploitation in next 30 days)

Impact

Unauthenticated attackers can gain administrative access and manipulate network configurations, risking full control of the SD-WAN fabric.

Mitigation

Update to the latest fixed version as per Cisco advisory.

References

Social Media Activity(6 posts)

CISA KEV Tracker
CISA KEV Tracker
@cisakevtracker
May 14, 2026

CVE ID: CVE-2026-20182 Vendor: Cisco Product: Catalyst SD-WAN Date Added: 2026-05-14 CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-20182

View original post
AA
AA
@AAKL
May 14, 2026

This Cisco vulnerability has been fixed. Rapid7: CVE-2026-20182: Critical authentication bypass in Cisco Catalyst SD-WAN Controller (FIXED) https://www.rapid7.com/blog/post/ve-cve-2026-20182-critical-authentication-bypass-cisco-catalyst-sd-wan-controller-fixed/ @Rapid7Official #infosec #Cisco #vulnerability

View original post
AA
AA
@AAKL
May 14, 2026

I'm almost inclined to gloat after the 4000 (mere change) layoffs because "look, we're drowning in money. Who needs people?" - CRITICAL: CVE-2026-20182: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa2-v69WY2SW - CRITICAL: CVE-2026-20209, CVE-2026-20210 CVE-2026-20224: Cisco Catalyst SD-WAN Manager Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-mltvnps2-JxpWm7R @TalosSecurity #infosec #Cisco #vulnerability @cR0w

View original post
CISA KEV Tracker
CISA KEV Tracker
@cisakevtracker
May 14, 2026

CVE ID: CVE-2026-20182 Vendor: Cisco Product: Catalyst SD-WAN Date Added: 2026-05-14 CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-20182

View original post
AA
AA
@AAKL
May 14, 2026

This Cisco vulnerability has been fixed. Rapid7: CVE-2026-20182: Critical authentication bypass in Cisco Catalyst SD-WAN Controller (FIXED) https://www.rapid7.com/blog/post/ve-cve-2026-20182-critical-authentication-bypass-cisco-catalyst-sd-wan-controller-fixed/ @Rapid7Official #infosec #Cisco #vulnerability

View original post
AA
AA
@AAKL
May 14, 2026

I'm almost inclined to gloat after the 4000 (mere change) layoffs because "look, we're drowning in money. Who needs people?" - CRITICAL: CVE-2026-20182: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa2-v69WY2SW - CRITICAL: CVE-2026-20209, CVE-2026-20210 CVE-2026-20224: Cisco Catalyst SD-WAN Manager Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-mltvnps2-JxpWm7R @TalosSecurity #infosec #Cisco #vulnerability @cR0w

View original post

Related Resources

Details

CVE ID
CVE-2026-20182
Severity
Critical
CVSS Score
10.0
Type
broken_authentication
Status
unconfirmed
EPSS
0.0%
Social Posts
6

CWE

  • CWE-287

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score

0.0%Probability of exploitation in the next 30 days