ATLAS · LIVE
ATLAS INDEX
Δ 24H
ACTIVE SOURCES20
HOTSPOTS20
TIME21:40:07 UTC
← All briefs
CRITICALCyber IntelligenceFriday, May 15, 2026

Cisco SD-WAN flaw exploited as zero-day, grants admin access

Critical authentication bypass in Catalyst SD-WAN Controller allowed attackers to seize administrative control before patch release, Cisco confirms.

Cisco has disclosed that a critical vulnerability in its Catalyst SD-WAN Controller was exploited in the wild before a fix became available. Tracked as CVE-2026-20182, the flaw permits unauthenticated attackers to bypass authentication mechanisms and gain full administrative privileges on affected devices.

The vulnerability resides in the authentication subsystem of the SD-WAN Controller, which enterprises use to centrally manage distributed network infrastructure. Exploitation requires network access to the management interface but does not depend on user interaction or prior credentials. Cisco has not disclosed the scale of exploitation or attributed the activity to specific threat actors.

A patch was released concurrent with the advisory. Cisco rates the flaw 9.8 on the CVSS scale. Organizations using Catalyst SD-WAN Controller in production environments—particularly those exposing management interfaces to untrusted networks—face immediate risk. No workaround exists short of applying the update or isolating the controller from external access.

The rest of this brief is inside the platform

Continue reading. Free.

A free Atlas account unlocks the full briefing, the co-analyst, daily delivery to your inbox, and a sector-personalised feed.

Full brief
Implications, sources, methodology
Co-Analyst
Ask follow-ups on every brief
Sector feed
Briefs filtered to what matters to you
Implications
  • 01Enterprises running unpatched Catalyst SD-WAN Controllers risk full network compromise via admin takeover
  • 02Threat actors may have mapped vulnerable instances during zero-day window; retroactive log review essential
  • 03SD-WAN attack surface expanding as adoption grows; centralized control plane now persistent adversary objective
Source
BleepingComputer
https://www.bleepingcomputer.com/news/security/cisco-warns-of-new-critical-sd-wan-flaw-exploited-in-zero-day-attacks/
Brief is editorial commentary by Atlas Intelligence based on the cited public reporting. Atlas does not reproduce source text. Verify primary source before action.
#cisco#sd-wan#zero-day#cve-2026-20182#authentication bypass#network security
Related Briefs