Cisco Talos is tracking active exploitation of an authentication bypass vulnerability (CVE-2026-20182) affecting Cisco Catalyst SD-WAN Controller and SD-WAN Manager, core network management components used widely across enterprise and government environments.

The Cybersecurity and Infrastructure Security Agency (CISA) has added eight newly discovered vulnerabilities showing evidence of active exploitation to its Known Exploited Vulnerabilities Catalog. The vulnerabilities span multiple critical systems including PaperCut NG/MF, JetBrains TeamCity, Kentico Xperience, Quest KACE, Zimbra Collaboration Suite, and Cisco Catalyst SD-WAN Manager, affecting authentication, path traversal, and information disclosure. Federal agencies are required to remediate these vulnerabilities by specified deadlines under Binding Operational Directive 22-01, and CISA urges all organizations to prioritize patching as part of their vulnerability management strategy.