A critical authentication bypass vulnerability, designated as CVE-2026-20182, has been discovered in the Cisco Catalyst SD-WAN Controller, formerly known as vSmart. This vulnerability affects the "vdaemon" service, which communicates over DTLS via UDP port 12346, and is a distinct issue from the previously identified CVE-2026-20127. The vulnerability was uncovered by Rapid7 Labs while investigating the earlier exploit1. Cisco has since addressed the issue, providing a fix for the vulnerability. The "vdaemon" service's susceptibility to authentication bypass attacks raises concerns, as it could potentially allow unauthorized access to the SD-WAN Controller. The fact that this vulnerability is under active discussion with Cisco, with its exploitation status determining the urgency of the patch, underscores its significance. This matters to security practitioners because a successful exploit could grant attackers control over the SD-WAN infrastructure, making prompt patch application crucial.
CVE-2026-20182: Critical authentication bypass in Cisco Catalyst SD-WAN Controller (FIXED)
⚠️ Critical Alert
Why This Matters
CVE-2026-20182 is in active discussion involving Cisco — exploitation status determines whether this is patch-now or monitor.
References
- Rapid7. (2026, May 14). CVE-2026-20182: Critical authentication bypass in Cisco Catalyst SD-WAN Controller (FIXED). Rapid7 Blog. https://www.rapid7.com/blog/post/ve-cve-2026-20182-critical-authentication-bypass-cisco-catalyst-sd-wan-controller-fixed
Original Source
Rapid7 Blog
Read original →