CVE-2026-20182: Cisco Catalyst SD-WAN Auth Bypass Added to CISA KEV

Cisco disclosed CVE-2026-20182, a CVSS 10.0 authentication-bypass in Catalyst SD-WAN Controller/Manager allowing remote, unauthenticated attackers to gain high-privileged administrative access; the flaw is actively exploited (attributed to UAT-8616), has been added to CISA’s KEV, has no available workarounds, and Cisco recommends immediate upgrades and compromise assessments.