Cisco zero-day under ongoing attack by persistent threat group

Attackers exploited a critical authentication-bypass zero-day (CVE-2026-20182, CVSS 10) in Cisco Catalyst SD-WAN Controller/Manager — attributed to UAT-8616 and tied to prior Cisco edge vulnerabilities — enabling full administrative control across on-premises, cloud, and FedRAMP deployments; Cisco released patches and CISA added the vulnerability to its Known Exploited Vulnerabilities catalog.