Rapid7 Cybersecurity Blog

CVE-2026-20182: Critical authentication bypass in Cisco Catalyst SD-WAN Controller (FIXED) (opens in new tab)

Covers Active exploitation of Cisco Catalyst SD-WAN by UAT-8616Covered by 12 sources See all sources covering this story including BleepingComputer, theregisterDiscussed on Hacker News

OverviewWhile researching a critical authentication bypass vulnerability, CVE-2026-20127, which was exploited in-the-wild, Rapid7 Labs discovered a new authentication bypass vulnerability affecting Cisco Catalyst SD-WAN Controller (formerly known as vSmart), CVE-2026-20182.This new authentication bypass vulnerability affects the “vdaemon” service over DTLS (UDP port 12346), which is the same service that was vulnerable to CVE-2026-20127. The new vulnerability is not a patch bypass of CVE-2026...

Read the original article
Sign in to keep reading the full article.
Sign UpLog In

Covered in 13 articles

BleepingComputer·

Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks

Feeds
theregister·

Patch time for Cisco SD-WAN admins as vendor drops yet another make-me-admin zero-day

Feeds
SecurityWeek·

Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026

Feeds
View all 13 ›

Keyboard Shortcuts

Navigation

Next / previous post
j/k
Open post
oorEnter
Preview post
v

Post Actions

Love post
a
Like post
l
Dislike post
d
Undo reaction
u
Save / unsave
s

Recommendations

Add interest / feed
Enter
Not interested
x

Go to

Home
gh
Interests
gi
Feeds
gf
Likes
gl
History
gy
Changelog
gc
Settings
gs
Discover
gb
Search
/

General

Show this help
?
Submit feedback
!
Close modal / unfocus
Esc

Press ? anytime to show this help