Exposures › CVE-2026-20182
Cisco Catalyst SD-WAN Controller allows unauthenticated remote attackers to bypass authentication and gain administrative privileges.
This authentication bypass vulnerability enables remote attackers to escalate privileges without credentials, posing a severe risk to DIB organizations relying on Cisco SD-WAN for network control. The vulnerability is actively exploited in the wild and linked to ransomware campaigns, making it a critical compliance failure for FedRAMP vendors and hardware suppliers. Organizations must immediately patch affected systems and audit access controls to prevent unauthorized administrative access.
Shame score — Active exploitation in the wild combined with ransomware linkage and unauthenticated remote access to administrative privileges represents a severe, avoidable security failure.
Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.
| Product | Provider | Status | Match |
|---|---|---|---|
| AppDynamics GovAPM | AppDynamics (a Cisco company) | Authorized | dex-judge · 0.95 |
| Cisco Cloudlock for Government | Cisco Systems Inc. | Authorized | vendor-exact · 0.90 |
| Cisco Meraki for Government | Cisco Systems Inc. | In Process | vendor-exact · 0.90 |
| Cisco SD-WAN for Government | Cisco Systems Inc. | In Process | vendor-exact · 0.90 |
| Cisco Umbrella for Government | Cisco Systems Inc. | In Process | vendor-exact · 0.90 |
| Cisco Unified Communications Manager Cloud for Government (Cisco UCM Cloud for Government) | Cisco Systems Inc. | Authorized | vendor-exact · 0.90 |
| Duo Federal | Duo Security (A Cisco Company) | Authorized | dex-judge · 0.95 |
| WebEx Contact Center Enterprise for Government (WxCCE-G) | Cisco Systems Inc. | In Process | vendor-exact · 0.90 |
| Webex for Government | Cisco Systems Inc. | Authorized | vendor-exact · 0.90 |