CVE-2026-20182: Critical Authentication Bypass in Cisco SD-WAN Can Grant Admin Access
ID: e6ed7285-1159-5b1b-add8-82d842bf177a
STIX ID: report--e6ed7285-1159-5b1b-add8-82d842bf177a
Feed Name: SOC Prime Blog
CVE-2026-20182 is a critical (CVSS 10.0) authentication-bypass vulnerability in Cisco Catalyst SD-WAN Controller/Manager that allows an unauthenticated attacker to be treated as a trusted control-plane peer via a crafted DTLS/handshake sequence. Successful exploitation lets the attacker append SSH keys, manipulate NETCONF/configuration, and gain broad administrative control. Rapid7 published technical analysis and a Metasploit module, Cisco reported limited exploitation in May 2026 and linked the activity to UAT-8616, and CISA added the flaw to its Known Exploited Vulnerabilities catalog. Cisco recommends immediate upgrade to fixed releases and collecting admin-tech bundles for forensics.
