ctipilot.ch


CVE-2026-20182 — Cisco Catalyst SD-WAN: pre-auth authentication bypass, Active ITW, CISA KEV

From CTI Weekly Summary — 2026-W21 (Mon 18 – Sun 24, 2026) · published 2026-05-18

The pre-auth authentication bypass in Cisco Catalyst SD-WAN Manager and Controller (CVSS 10.0) allows administrative account creation and device-configuration modification without authentication. It is being exploited in the wild, including by a cluster Talos tracks as UAT-8616, and is listed in CISA KEV. The patched builds per Cisco PSIRT (20.9.9.1, 20.12.5.4, 20.12.6.2, 20.12.7.1, 20.15.4.4, 20.15.5.2, 20.18.2.2, 26.1.1.1) must be applied immediately; older releases require upgrade. Swiss and EU operators should treat this at Kritisch/Critical urgency, given the rate of active exploitation.
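To triage a fleet against the fixed builds listed above, the following sketch (an added example, not code from Cisco or from this brief) classifies each running version as patched, patchable on its train, needing an upgrade, or needing manual review. Assumptions: versions compare numerically field by field, a later build on the same a.b.c line retains the fix, and the hostnames and inventory format are constructed for illustration.

```python
import re

# Fixed builds exactly as listed in the brief (per Cisco PSIRT).
FIXED_BUILDS = ["20.9.9.1", "20.12.5.4", "20.12.6.2", "20.12.7.1",
                "20.15.4.4", "20.15.5.2", "20.18.2.2", "26.1.1.1"]

def parse(version):
    """'a.b.c' or 'a.b.c.d' -> 4-tuple of ints (missing build number = 0)."""
    version = version.strip()
    if not re.fullmatch(r"\d+(\.\d+){2,3}", version):
        raise ValueError(f"unrecognised version string: {version!r}")
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

FIXED = sorted(parse(v) for v in FIXED_BUILDS)

def fmt(t):
    return ".".join(map(str, t))

def triage(version):
    """Return (status, target_build_or_None) for one running version."""
    v = parse(version)
    same_line = [f for f in FIXED if f[:3] == v[:3]]
    # Assumption: a later build on the same a.b.c line keeps the fix.
    if same_line and v >= same_line[0]:
        return ("PATCHED", None)
    train = [f for f in FIXED if f[:2] == v[:2]]
    higher = [f for f in train if f > v]
    if higher:
        return ("PATCH", fmt(higher[0]))   # nearest listed fix on this train
    if train or v > FIXED[-1]:
        return ("REVIEW", None)            # newer than anything the brief lists
    return ("UPGRADE", None)               # no listed fix for this train

# Constructed inventory: "<hostname> <running version>" per line.
SAMPLE_INVENTORY = """\
vmanage-zrh-01 20.12.5.4
vsmart-zrh-01 20.12.6.1
vmanage-gva-01 20.9.8
vsmart-gva-02 20.6.3.1
vmanage-lab-01 20.15.5.3
vsmart-lab-02 26.2.1
"""

def triage_inventory(text):
    rows = (line.split() for line in text.splitlines() if line.strip())
    return {host: triage(ver) for host, ver in rows}

if __name__ == "__main__":
    for host, (status, target) in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:16} {status:8} {target or '-'}")
```

REVIEW deliberately avoids calling a version safe when the brief does not list it; confirm those against the Cisco PSIRT advisory.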