Sd-Wan

vulnerability 2026-05-16
Cisco Catalyst SD-WAN CVE-2026-20182: Second vdaemon Auth Bypass Lands in CISA KEV
Cisco patched a CVSS 10.0 auth bypass in Catalyst SD-WAN Controller's vdaemon service. UAT-8616 is already exploiting it. CISA added it to KEV May 15 with a May 17 deadline.
cisco sd-wan uat-8616 cisa-kev auth-bypass active-exploitation cvss-10
vulnerabilities 2026-04-21 High
Cisco Catalyst SD-WAN Manager: Three CVEs Land on CISA KEV With April 28 Federal Deadline
CISA added CVE-2026-20122, CVE-2026-20128, and CVE-2026-20133 in Cisco Catalyst SD-WAN Manager (vManage) to the KEV catalog on April 20, 2026. Two of the three were confirmed exploited in the wild by Cisco PSIRT in March; together they let an attacker move from low-privilege API access to full vManage takeover.
cisco sd-wan vmanage cisa-kev network-security privilege-escalation information-disclosure patch-tuesday
vulnerabilities 2026-04-01 Critical
CVE-2026-20127: Cisco SD-WAN Zero-Day Exploited for Three Years Before Disclosure
UAT-8616 abused a CVSS 10.0 auth bypass in Cisco Catalyst SD-WAN Controller and Manager since 2023, inserting rogue control-plane peers and escalating to root via a deliberate version-downgrade chain. Cisco disclosed in late February.
cisco sd-wan authentication-bypass zero-day uat-8616 cvss-10 network-security privilege-escalation

Cisco Catalyst SD-WAN CVE-2026-20182: Second vdaemon Auth Bypass Lands in CISA KEV