Week 21 – Cisco SD-WAN: Peers Only… Or Not
18 – 24 May 2026
In this week’s CVE of the Week, we’ll be looking at a vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller. Cisco Catalyst SD-WAN is a software-based networking platform that connects branch offices, data centers, and cloud environments through a centrally managed system.
Tracked as CVE-2026-20182, this maximum severity (CVSS score of 10.0) flaw could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system by sending crafted requests.
A successful exploit could permit the attacker to log in to the Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account, and then weaponize it to access NETCONF and manipulate network configuration for the SD-WAN fabric.
The vulnerability impacts the following deployments:
- On-Prem Deployment
- Cisco SD-WAN Cloud-Pro
- Cisco SD-WAN Cloud (Cisco Managed)
- Cisco SD-WAN for Government (FedRAMP)
Cisco, in its advisory, noted that it became aware of “limited exploitation” of the flaw in May 2026, urging customers to apply the latest updates as soon as possible.
Systems that are accessible over the internet are at increased risk of compromise. It’s recommended to audit the “/var/log/auth.log” file for the presence of suspicious peering events in the logs, including unauthorized peer connections that occur at unexpected times and originate from unrecognized IP addresses, or involve device types that are inconsistent with the environment’s architecture.
It’s also recommended restricting access to SD-WAN management and control-plane interfaces to trusted internal networks or to authorized IP addresses only, and reviewing authentication logs for suspicious login activity.
For additional information about the CVE, please visit:
https://cvefeed.io/vuln/detail/CVE-2026-20182
https://thehackernews.com/2026/05/cisco-catalyst-sd-wan-controller-auth.html
White Hat IT Security is a Europe-based Managed Security Services Provider (MSSP) and proud Microsoft Solution Partner. Its Microsoft-verified managed security solutions (MXDR) reflect their deep expertise and commitment to excellence in cybersecurity. The company was awarded the Partner of the Year Hungary Award by Microsoft in 2024 and 2025.
With the largest incident response capacity in the CEE region, they’re trusted by organizations to deliver fast, effective, and proactive protection. Their portfolio includes penetration testing, vulnerability assessments, managed Cyber Threat Intelligence, as well as Governance, Risk and Compliance (GRC) consulting and specialized security training.
They are committed to supporting professional initiatives that aim to raise cybersecurity awareness and maturity—both for individuals and organizations. They regularly contribute to the community through knowledge sharing, education, and outreach, helping to build a safer digital future for all.