VIR Vulnerability Intelligence Relay

CVE-2026-20182

critical KEV
Published 2026-05-14 ยท Modified 2026-05-14
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
10.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
10.0

Description

Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.

CISA KEV

Vendor
Cisco
Product
Catalyst SD-WAN
Due date
2026-05-17

Predictions

Exploit likelihood
99%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27
{Vendor advisory: cisa-kev โ€” CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa2-v69WY2SW ; https://nvd.nist.gov/vuln/detail/CVE-2026-20182}

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Metasploit modules

auxiliary_admin/networking/cisco_sdwan_vhub_auth_bypass rank 300
Cisco Catalyst SD-WAN Controller vHub Authentication Bypass
Source fetch failed: fetch_error โ€” view the original via the link above.

Application impact
VendorProductVersionsFixed
cisco ciscocatalyst_sd-wan_manager{"endExcluding":"20.9.9.1"}20.9.9.1
cisco ciscocatalyst_sd-wan_manager20.12.7
cisco ciscosd-wan_vsmart_controller{"endExcluding":"20.9.9.1"}20.9.9.1
cisco ciscosd-wan_vsmart_controller20.12.7

References

CWEs

CWE-287

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.