What is the CVSS score of CVE-2026-20182?

CVE-2026-20182 has a CVSS 3.1 base score of 10.0 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 1.6%.

Which versions of Cisco Catalyst SD-WAN are affected by CVE-2026-20182?

CVE-2026-20182 is a critical authentication bypass in Cisco Catalyst SD-WAN Controller and Manager that allows unauthenticated remote attackers to gain administrative privileges and alter network…

Is there a public PoC exploit available for CVE-2026-20182?

Yes, a public proof-of-concept exploit is available for CVE-2026-20182. Prioritise patching immediately. EPSS: 1.6%.

Cisco Catalyst SD-WAN CVE-2026-20182

EUVD-2026-30324 CRITICAL

Improper Authentication (CWE-287)

2026-05-14 cisco

GHSA-p83j-mxpw-gqpj

Authentication Bypass Cisco

10.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Added to CISA KEV

May 14, 2026 - 17:47 CISA

Analysis Generated

May 14, 2026 - 17:31 vuln.today

CVE Published

May 14, 2026 - 16:08 nvd

CRITICAL 10.0

DescriptionNVD

May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show Control Connections guidance to help with system checks. 

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to the affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.

AnalysisAI

Remote unauthenticated attackers can bypass peering authentication in Cisco Catalyst SD-WAN Controller (vSmart) and SD-WAN Manager (vManage) to obtain administrative privileges and manipulate network configurations across the entire SD-WAN fabric. This critical authentication bypass (CVSS 10.0) allows direct NETCONF access as a high-privileged internal user without any credentials. …

RemediationAI

Within 24 hours: Identify and inventory all Cisco Catalyst vSmart Controllers and vManage instances in production. Within 7 days: Implement network-level access controls to restrict NETCONF traffic (port 830) to authorized management stations only; monitor authentication logs for failed peering attempts. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-20182 vulnerability details – vuln.today

Back

Cisco Catalyst SD-WAN CVE-2026-20182

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code