Auth-Bypass

vulnerability 2026-05-16
Cisco Catalyst SD-WAN CVE-2026-20182: Second vdaemon Auth Bypass Lands in CISA KEV
Cisco patched a CVSS 10.0 auth bypass in Catalyst SD-WAN Controller's vdaemon service. UAT-8616 is already exploiting it. CISA added it to KEV May 15 with a May 17 deadline.
cisco sd-wan uat-8616 cisa-kev auth-bypass active-exploitation cvss-10

Cisco Catalyst SD-WAN CVE-2026-20182: Second vdaemon Auth Bypass Lands in CISA KEV