US and Global Agencies Urge Immediate Patch for Cisco SD-WAN Flaw

Cisco disclosed a critical authentication-bypass vulnerability in its Catalyst SD-WAN Controller and Manager software on May 15, 2026 ^[5].

The flaw is significant because it allows remote attackers to bypass security protocols and obtain full administrative control of SD-WAN devices. Since these controllers manage entire network infrastructures, a breach could compromise the integrity of enterprise and government networks worldwide.

Security researcher Switchzilla disclosed the bug, identified as CVE-2026-20182 ^[1]. The vulnerability carries a CVSS severity score of 10.0, the maximum possible rating ^[4]. Other reports have associated the critical flaw with identifiers CVE-2026-20127 ^[2] and CVE-2025-20188 ^[3].

National cyber agencies from five countries, the U.S., UK, Canada, Australia, and New Zealand, are urging administrators to apply patches immediately ^[7]. The Cybersecurity and Infrastructure Security Agency (CISA) said that the vulnerability is already being exploited in the wild ^[3].

While the public disclosure occurred this week, some reports indicate that active exploitation of related authentication-bypass bugs has been observed as early as 2023 ^[6]. The "make-me-admin" nature of the flaw means attackers do not need existing credentials to seize control of the system.

Cisco has released updates to address the vulnerability. Security experts said that organizations should prioritize these updates to prevent unauthorized access to their network management layers.