Critical Cisco SD-WAN Zero-Day Under Active Exploitation Following Disclosure
Cisco has disclosed a critical authentication bypass vulnerability, tracked as CVE-2026-20182, that affects Catalyst SD-WAN Controller systems and carries the maximum CVSS score of 10. The flaw allows attackers to bypass authentication and gain administrative privileges, and active exploitation was observed shortly after public disclosure. Researchers at Rapid7 identified the issue while investigating another actively exploited vulnerability, CVE-2026-20127, in the same vdaemon service over DTLS. Cisco has released security updates and warned that the threat actor tracked as UAT-8616 is leveraging both flaws, prompting CISA to add the vulnerability to its Known Exploited Vulnerabilities catalog.
Reference: cybersecuritydive.com