Cisco SD-WAN CVE-2026-20182 Added to CISA KEV; Sixth Exploited SD-WAN Zero-Day in 2026

CISA added CVE-2026-20182, a critical authentication bypass in Cisco Catalyst SD-WAN Controller, to its Known Exploited Vulnerabilities catalog with a federal remediation deadline of May 17, 2026. The vulnerability allows unauthenticated remote attackers to bypass authentication and obtain administrative privileges on affected systems. Threat actor UAT-8616 has exploited it in targeted attacks, and it represents the sixth Cisco SD-WAN zero-day actively exploited in 2026 — indicating sustained adversary focus on this product line. Cisco released a patch on Thursday. Organizations using Cisco Catalyst SD-WAN should apply the patch immediately; federal agencies face a hard Sunday deadline.