criticalCISA KEVCVE-2026-20182

Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.

ProductCatalyst SD-WAN
CVSS10.0
EPSS0.87693
UpdatedJuly 9, 2026

Quick answer

Cisco Catalyst SD-WAN should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.

Who is affected

Affected versions

  • 20.12.7

Fixed versions

  • Apply the latest vendor-supported patched version.

How to fix it

CVE-2026-20182 is an authentication bypass in Cisco Catalyst SD-WAN Controller and Manager that can allow unauthenticated remote administrative access. Cisco states that software updates are available and that there are no workarounds. Preserve indicators with admin-tech collection before upgrading where possible, then upgrade affected control components and validate SD-WAN peering, auth logs, and configuration integrity.

  1. Identify all Cisco Catalyst SD-WAN Controller, Manager, and related control components in every deployment type.
  2. Before upgrading, collect request admin-tech output from control components to preserve possible indicators of compromise.
  3. Upgrade affected Cisco Catalyst SD-WAN software to a fixed release listed in the Cisco advisory.
  4. Limit management and control-plane exposure to trusted networks and remove unnecessary internet exposure.
  5. Review auth.log and control connection logs for unknown vmanage-admin access, unauthorized peers, unexpected system IPs, or abnormal peering events.
  6. Validate SD-WAN configuration, policies, templates, device inventory, and certificates for unauthorized changes.
  7. Open a Cisco TAC case with the CVE ID if compromise indicators are found or validation is uncertain.

Scan now. Google sign-in is only needed to unlock fix guidance.

Verify the fix

  • Confirm each SD-WAN control component reports a Cisco fixed software release.
  • Verify all control connections and peering events map to authorized devices and expected maintenance windows.
  • Confirm no unknown public IPs, system IPs, or vmanage-admin logins appear in auth logs.
  • Validate configuration backups against the current running configuration for unauthorized changes.
  • Run a Fixnx scan and exposure review for public management surfaces after upgrades.

Related categories

Trusted references

FAQ

What is affected by CVE-2026-20182?

Cisco Catalyst SD-WAN should be checked against the vendor advisory and trusted references linked on this page.

What should I fix first?

Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.

How do I confirm the fix worked?

Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.

Why can this risk appear in multiple categories?

A vulnerability can belong to more than one platform or ecosystem. Fixnx keeps one canonical risk page while also listing it in every relevant category.