Frequently asked questions about the continued exploitation of Cisco Catalyst SD-WAN vulnerabilities (CVE-2026-20182) (opens in new tab)

Multiple critical authentication bypass vulnerabilities in Cisco Catalyst SD-WAN Controller and Manager are under active exploitation by multiple threat clusters, including CVE-2026-20182, which has been exploited as a zero-day by a sophisticated threat actor.Key TakeawaysCVE-2026-20182 is a critical (CVSSv3 10.0) authentication bypass in Cisco Catalyst SD-WAN Controller and Manager disclosed on May 14 with confirmed active exploitation.A sophisticated threat actor designated UAT-8616 has exp...