Critical Zero-Day Vulnerability CVE-2026-20182 Exploited in Cisco SD-WAN Systems

Cisco disclosed a critical authentication-bypass zero-day (CVE-2026-20182) affecting Catalyst SD-WAN Controller and Manager, with a CVSS 10.0 rating and active exploitation by the actor UAT-8616; the flaw allows unauthenticated remote attackers to gain administrative privileges across cloud and on-prem deployments, Cisco released patches in May 2026 and organizations are urged to apply them immediately as no reliable workarounds exist.