16 May 2026
Reference: CVE-2026-20182
1. What is being reported?
The vulnerability involves a problem in the way Cisco's SD-WAN Controller checks who is trying to connect. An attacker can send specially crafted requests to bypass authentication and log in as an administrator. This lets them access and change network configurations, potentially disrupting your internet and communications.
2. What this means in plain English
If your organisation uses Cisco Catalyst SD-WAN technology to manage your network, this flaw could let hackers take control of your network settings remotely. This could lead to network outages, data interception, or other serious disruptions. If you don't use this technology, you are not affected by this specific issue.
3. Could this affect a small business?
Small businesses or charities that rely on Cisco Catalyst SD-WAN Controllers for their network management could be at risk. Those who do not use this Cisco product or do not have SD-WAN technology in place are unlikely to be affected.
4. What to do now
- Check with your IT provider if your network uses Cisco Catalyst SD/WAN Controller or Manager products.
- If you do use these products, ensure all available security updates and patches from Cisco are applied immediately.
- Follow guidance from your IT provider or Cisco on how to monitor and secure your SD-WAN devices against this vulnerability.
- If patches or mitigations are not available, consider discontinuing use of the affected product until it is secured.
5. Ask your IT provider
Can you confirm whether our network uses Cisco Catalyst SD-WAN Controller or Manager, and if so, have all patches for CVE-2026-20182 been applied to protect against authentication bypass?
6. Bottom line
If you use Cisco Catalyst SD/WAN, act quickly to apply updates and secure your network against this critical vulnerability.
Information sourced from CISA KEV, NVD and multiple reputable security reports.