Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
10.0
CVE-2026-20182: Cisco SD-WAN Controller allows unauthorized access
Known exploited
Exploitation likelihood: 81%
CVE-2026-20182
CVE-2026-20182
Summary
A security issue in Cisco's SD-WAN Controller lets attackers access the system without a password. This means they could potentially take control of the system and make changes to the network. To fix this, update the software to the latest version and ensure all users follow proper security protocols.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions |
|---|---|---|
| cisco | catalyst sd-wan | All versions |
| cisco | catalyst_sd-wan_manager |
< 20.9.9.1 >= 20.10, < 20.12.5.4 >= 20.12.6, < 20.12.6.2 >= 20.13, < 20.15.4.4 >= 20.15.5, < 20.15.5.2 >= 20.16, < 20.18.2.2 >= 26.1, < 26.1.1.1 20.12.7 cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:* |
| cisco | sd-wan_vsmart_controller |
< 20.9.9.1 >= 20.10, < 20.12.5.4 >= 20.12.6, < 20.12.6.2 >= 20.13, < 20.15.4.4 >= 20.15.5, < 20.15.5.2 >= 20.16, < 20.18.2.2 >= 26.1, < 26.1.1.1 20.12.7 cpe:2.3:a:cisco:sd-wan_vsmart_controller:*:*:*:*:*:*:*:* |
Original title
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
Original description
Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.
Vulnerability type
CWE-287
Improper Authentication
Published: 14 May 2026 · Updated: 2 Jun 2026 · First seen: 14 May 2026