A severe zero-day vulnerability, CVE-2026-20182, is being actively exploited by a persistent threat group to target Cisco's SD-WAN systems, specifically the Catalyst SD-WAN Controller and Manager. This authentication bypass flaw has a critical CVSS rating of 10, effectively acting as a master key to gain unauthorized access. The attackers behind these limited but targeted attacks have previously exploited other Cisco vulnerabilities, including those in firewalls and SD-WAN systems. Cisco has issued a threat advisory, warning of the ongoing exploitation, which is likely to escalate into a larger-scale attack. The company's response and user patching efforts will determine the severity of the impact. This vulnerability matters to security practitioners because it highlights the need for immediate patching or close monitoring to prevent potential breaches, given the vulnerability's high severity and the attackers' history of exploiting similar flaws [1].
Cisco zero-day under ongoing attack by persistent threat group
⚠️ Critical Alert
Why This Matters
CVE-2026-20182 is in active discussion involving Cisco — exploitation status determines whether this is patch-now or monitor.
References
- CyberScoop. (2026, May 15). Cisco zero-day under ongoing attack by persistent threat group. CyberScoop. https://cyberscoop.com/cisco-sd-wan-zero-day-exploited/
Original Source
CyberScoop