CVE-2026-20182— Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
Public Exploits 1
Metasploit · 1 cisco_sdwan_vhub_auth_bypass.rb [auxiliary]
In-the-Wild Activity Observed github_trending · low cisa_kev · confirmed
Possible ATT&CK Techniques 3AI
T1518.001 · Security Software Discovery T1136.001 · Local Account T1199 · Trusted RelationshipAffected Version Matrix 34
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cisco | Cisco Catalyst SD-WAN Manager | 20.1.12 | affected |
19.2.1 | affected | ||
18.4.4 | affected | ||
18.4.5 | affected | ||
20.1.1.1 | affected | ||
20.1.1 | affected | ||
19.2.099 | affected | ||
18.3.6 | affected | ||
| … +26 more rows | |||
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-20182
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show Control Connections guidance to help with system checks. A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to the affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
认证机制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco Catalyst SD-WAN Manager和Cisco Catalyst SD-WAN Controller 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco Catalyst SD-WAN Manager(Cisco SD-WAN vManage)和Cisco Catalyst SD-WAN Controller都是美国思科(Cisco)公司的产品。Cisco Catalyst SD-WAN Manager是一个高度可定制的仪表板。可简化和自动化 Cisco SD-WAN 的部署、配置、管理和操作。Cisco Catalyst SD-WAN Controller是一个安全策略控制面板。 Cisco Catalyst SD-WAN Manager(C
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cisco | Cisco Catalyst SD-WAN Manager | 20.1.12 | - |
II. Public POCs for CVE-2026-20182
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | Cisco Catalyst SD-WAN Controller and Manager contain an authentication bypass caused by improper peering authentication mechanism, letting unauthenticated remote attackers obtain administrative privileges, exploit requires sending crafted requests. | https://github.com/projectdiscovery/nuclei-templates/blob/main/code/cves/2026/CVE-2026-20182.yaml | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-20182
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-20182 (2)
Same Patch Batch · Cisco · 2026-05-14 · 4 CVEs total
| CVE-2026-20224 | 8.6 HIGH | Cisco Catalyst SD-WAN Manager XML External Entity Injection Vulnerability |
| CVE-2026-20210 | 5.4 MEDIUM | Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability |
| CVE-2026-20209 | 5.4 MEDIUM | Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability |
IV. Related Vulnerabilities
Same product: Cisco Catalyst SD-WAN Manager
- CVE-2026-20224
Cisco Catalyst SD-WAN Manager XML External Entity Injection - CVE-2026-20210
Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerabi - CVE-2026-20209
Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerabi - CVE-2026-20108
Cisco Catalyst SD-WAN Manager(Cisco SD-WAN vManage) 跨站脚本漏洞 - CVE-2026-20122
Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulne
Same vendor: Cisco
Same weakness: CWE-287
- CVE-2026-12183
BUK TS-G系统2.9.1-2.10.2认证漏洞 - CVE-2026-50623
Apache CXF: Authentication Bypass in OAuth2 TokenIntrospecti - CVE-2026-48611
OAuth实现未正确验证身份导致默认安装账户劫持 - CVE-2026-40995
X.509 authentication bypasses Spring Security account checks - CVE-2026-46705
russh server userauth state is not reset when authentication
V. Comments for CVE-2026-20182
No comments yet