Description
May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show Control Connections guidance to help with system checks. 

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.
This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to the affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.
Published: 2026-05-14
Score: 10 Critical
EPSS: 1.6% Low
KEV: Yes
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the peering authentication mechanism of the Cisco Catalyst SD‑WAN Controller (formerly SD‑WAN vSmart) and Manager (formerly SD‑WAN vManage). An attacker who can send crafted requests to the control connection handshake can bypass authentication and obtain a high‑privileged, non‑root administrative account. This enables the attacker to access NETCONF and modify network configuration across the SD‑WAN fabric, potentially disrupting connectivity or injecting malicious routes.

Affected Systems

Affected are Cisco Catalyst SD‑WAN Controller and Cisco Catalyst SD‑WAN Manager. The description does not list a specific affected version range, so deployed instances should be treated as vulnerable until the vendor's fixed software is applied.

Risk and Exploitability

With a CVSS score of 10, this flaw is rated critical. The vulnerability is listed in the CISA KEV catalog, indicating that it has been exploited in the wild. The advisory notes that an unauthenticated, remote attacker can exploit the flaw simply by sending crafted requests; no credentials or privileged network position are required, so exploitation in targeted environments is highly likely. The EPSS score of about 2% (1.6% in the header) reflects a modest predicted exploitation probability, while the KEV listing reflects observed exploitation activity.

Generated by OpenCVE AI on May 15, 2026 at 14:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Cisco Catalyst SD‑WAN Controller firmware or software update that includes the authentication‑bypass fix.
  • Apply the latest Cisco Catalyst SD‑WAN Manager firmware or software update that includes the authentication‑bypass fix.
  • Configure and validate peering authentication per Cisco’s Show Control Connections guidance, ensuring certificate validation and restricting access to the control interface.



Advisories

No advisories yet.

History

Fri, 15 May 2026 13:00:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Cisco sd-wan Vsmart Controller

Type: CPEs
Values Removed: (none)
Values Added:
  cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*
  cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.12.7:*:*:*:*:*:*:*
  cpe:2.3:a:cisco:sd-wan_vsmart_controller:*:*:*:*:*:*:*:*
  cpe:2.3:a:cisco:sd-wan_vsmart_controller:20.12.7:*:*:*:*:*:*:*

Type: Vendors & Products
Values Removed: (none)
Values Added: Cisco sd-wan Vsmart Controller

Fri, 15 May 2026 11:30:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added:
  Cisco
  Cisco catalyst Sd-wan Manager

Type: Vendors & Products
Values Removed: (none)
Values Added:
  Cisco
  Cisco catalyst Sd-wan Manager

Thu, 14 May 2026 19:15:00 +0000

Type: Metrics ssvc
Values Removed: (none)
Values Added: {'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 14 May 2026 18:30:00 +0000


Thu, 14 May 2026 17:15:00 +0000

Type: Metrics kev
Values Removed: (none)
Values Added: {'dateAdded': '2026-05-14T00:00:00+00:00', 'dueDate': '2026-05-17T00:00:00+00:00'}


Thu, 14 May 2026 17:00:00 +0000

Type: Description
Values Removed: (none)
Values Added: May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show Control Connections guidance to help with system checks. A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to the affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.

Type: Title
Values Removed: (none)
Values Added: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-287

Type: References
Values Removed: (none)
Values Added: (none listed)

Type: Metrics cvssV3_1
Values Removed: (none)
Values Added: {'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-05-15T03:56:08.320Z

Reserved: 2025-10-08T11:59:15.393Z

Link: CVE-2026-20182

Vulnrichment

Updated: 2026-05-14T17:41:18.017Z

NVD

Status : Analyzed

Published: 2026-05-14T17:16:19.387

Modified: 2026-05-15T12:45:53.990

Link: CVE-2026-20182

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-15T14:45:16Z

Weaknesses