PatchSiren cyber security CVE debrief
CVE-2026-20182 Cisco CVE debrief
CVE-2026-20182 is a Cisco Catalyst SD-WAN Controller authentication bypass vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2026-05-14. Because it is on the KEV list, defenders should treat it as a priority exposure and follow CISA’s ED-26-03 and Cisco SD-WAN hunt-and-hardening guidance without delay. CISA’s metadata also notes that, where mitigations are not available, organizations should consider discontinuing use of the product under the applicable BOD 22-01 cloud-services guidance.
- Vendor
- Cisco
- Product
- Catalyst SD-WAN
- CVSS
- Unknown
- CISA KEV
- Listed
- Original CVE published
- 2026-05-14
- Original CVE updated
- 2026-05-14
- Advisory published
- 2026-05-14
- Advisory updated
- 2026-05-14
Who should care
Security teams responsible for Cisco Catalyst SD-WAN / Cisco SD-WAN deployments, network and infrastructure administrators, vulnerability management teams, and incident response teams that monitor CISA KEV items.
Technical summary
The supplied source describes CVE-2026-20182 as an authentication bypass issue affecting Cisco Catalyst SD-WAN Controller. The only authoritative details available in the provided corpus are the product scope, vulnerability type, and CISA KEV status. The KEV entry identifies the vulnerability as actively exploited enough to warrant inclusion in CISA’s catalog and directs defenders to Cisco’s advisory plus CISA’s ED-26-03 and hunt-and-hardening guidance.
Defensive priority
Critical. This is a KEV-listed Cisco SD-WAN issue with a CISA due date of 2026-05-17, so exposure assessment and mitigation should be handled immediately.
Recommended defensive actions
- Identify whether any Cisco Catalyst SD-WAN / Cisco SD-WAN controllers or related services are in scope in your environment.
- Review CISA’s Emergency Directive 26-03 for required mitigation steps.
- Follow CISA’s Hunt & Hardening Guidance for Cisco SD-WAN devices.
- Consult the Cisco security advisory for vendor-specific remediation and mitigation status.
- If mitigations are not available, evaluate discontinuing use of the product as directed in the CISA notes and applicable BOD 22-01 guidance for cloud services.
- Prioritize monitoring, containment, and incident-response preparation around affected SD-WAN management planes until exposure is resolved.
Evidence notes
This debrief is based only on the supplied CISA KEV metadata and the official reference links included in the prompt. The source identifies the issue as "Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability," adds it to the KEV catalog on 2026-05-14, and sets a due date of 2026-05-17. No CVSS score, exploit mechanics, affected versions, or remediation specifics beyond the CISA-directed guidance were provided in the source corpus.
Official resources
-
CVE-2026-20182 CVE record
CVE.org
-
CVE-2026-20182 NVD detail
NVD
-
CISA Known Exploited Vulnerabilities catalog
CISA - Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s Hunt & Hardening Guidan
-
Source item URL
cisa_kev
CISA added CVE-2026-20182 to the Known Exploited Vulnerabilities catalog on 2026-05-14 and assigned a due date of 2026-05-17. The supplied source identifies the issue as an authentication bypass vulnerability in Cisco Catalyst SD-WAN / SD-W