CVE-2026-20182: Cisco SD-WAN Auth Bypass Under Active Exploitation

Written by Sarah Chen | Networking & Security


            
        May 26, 2026
    
    
CVE-2026-20182: Cisco SD-WAN Auth Bypass Under Active Exploitation


        New post on IGNA Online
If you're running Cisco Catalyst SD-WAN, this one needs your immediate attention.
CVE-2026-20182 is a CVSS 10.0 authentication bypass in the SD-WAN Controller and Manager being actively exploited by nation-state actor UAT-8616. CISA has issued Emergency Directive 26-03 mandating immediate remediation.
This post covers the DTLS handshake root cause, the full attack chain (auth bypass → root escalation → SSH key injection → NETCONF manipulation → log clearing), detection commands to run right now, the patch matrix, and CISA ED 26-03 hardening steps.
Read the full guide on IGNA Online →
Written by Sarah Chen | Networking & Security
    

                                Don't miss what's next. Subscribe to IGNA Online:
                            
                        
            Email address (required)