Cisco Talos is tracking active exploitation of an authentication bypass vulnerability (CVE-2026-20182) affecting Cisco Catalyst SD-WAN Controller and SD-WAN Manager, core network management components used widely across enterprise and government environments.

The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate the issue by May 17, 2026. The vulnerability is a critical authentication bypass tracked as CVE-2026-20182. It's