Cisco SD-WAN Controller Peering Auth Bypass in Control Connection
CVE-2026-20182 Published on May 14, 2026

Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show Control Connections guidance to help with system checks.  A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to the affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.

NVD

Known Exploited Vulnerability

This Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.

The following remediation steps are recommended / required by May 17, 2026: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s Hunt & Hardening Guidance for Cisco SD-WAN Devices (U

Vulnerability Analysis

CVE-2026-20182 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. This vulnerability is known to be actively exploited by threat actors in an automatable fashion. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
CHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

What is an authentification Vulnerability?

When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

CVE-2026-20182 has been classified to as an authentification vulnerability or weakness.


Products Associated with CVE-2026-20182

Want to know whenever a new CVE is published for Cisco Catalyst Sd Wan Manager? stack.watch will email you.

Cisco Catalyst Sd Wan Manager
 

Affected Versions

Cisco Catalyst SD-WAN Manager:

Exploit Probability

EPSS
83.13%
Percentile
99.28%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.