CISA orders federal agencies to patch Cisco SD-WAN flaw (opens in new tab)

Cisco released fixes for CVE-2026-20182, a maximum-severity authentication bypass in Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager, after the company said attackers exploited the flaw in limited attacks. The vulnerability carries a CVSS 10.0 score and can allow an unauthenticated remote attacker to bypass authentication, gain administrative privileges and manipulate SD-WAN fabric configuration through NETCONF access. CISA added CVE-2026-20182 to its Known Exploited Vulner...