(TLP:CLEAR) Vulnerability Notification – Critical Vulnerability Affecting Cisco Catalyst SD-WAN, CVE-2026-20182

ACTION MAY BE REQUIRED for utilities using Cisco Catalyst SD-WAN Controller or Cisco Catalyst SD-WAN Manager products, including internet-facing SD-WAN management infrastructure. Utilities that outsource technology support may need to consult their service providers for assistance with remediation actions.

Summary: A critical authentication bypass vulnerability affecting Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager is being actively exploited in the wild. Tracked as CVE-2026-20182, the vulnerability carries a CVSS score of 10.0 and could allow an unauthenticated remote attacker to gain administrative privileges on vulnerable systems.

Analyst Note: This vulnerability is particularly concerning for utilities because SD-WAN (Software-Defined Wide Area Network) infrastructure often connects distributed operational environments, remote facilities, and cloud management network infrastructure. A compromised SD-WAN environment could allow attackers to establish unauthorized peer connections, move laterally, and potentially access systems that support operational technology (OT) environments.

Cisco has released software updates to address the vulnerability and stated there are no workarounds that fully mitigate the issue. WaterISAC strongly encourages members to review Cisco’s advisory, validate whether affected systems are internet accessible, and upgrade affected Cisco Catalyst SD-WAN instances to a fixed version immediately.

Additional Reading:

• CVE-2026-20182: Critical authentication bypass in Cisco Catalyst SD-WAN Controller (FIXED)

Related WaterISAC PIRs: 6, 8, 10