AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

🔥 This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)

CVE-2026-20182: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

infovulnerability🔥 Actively Exploited

security

Source: CISA Known Exploited VulnerabilitiesMay 13, 2026CVE-2026-20182

Summary

A critical flaw in Cisco Catalyst SD-WAN Controller allows attackers who haven't logged in to bypass authentication (the process of verifying identity) and gain administrative privileges (full control) on affected systems. This vulnerability is currently being exploited in real attacks.

Solution / Mitigation

CISA (the US Cybersecurity and Infrastructure Security Agency) requires organizations to follow Emergency Directive 26-03 to assess exposure and mitigate risks, and to use CISA's Hunt & Hardening Guidance for Cisco SD-WAN Devices. Organizations must also follow BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available. The due date for compliance is 2026-05-17.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.0%

Patch Available

Yes

Exploit Maturity

🔥 Actively Exploited

Disclosure Date

May 13, 2026

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-287

CAPEC (Attack Pattern)

CAPEC-114

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-20182

First tracked: May 14, 2026 at 02:00 PM

Classified by LLM (prompt v3) · confidence: 95%