## Cisco Issues Emergency Patch for Critical SD-WAN Zero-Day Allowing Full Admin Takeover
Cisco has released an emergency patch for a maximum-severity vulnerability in its Catalyst SD-WAN platform after researchers at Rapid7 disclosed a flaw that allows unauthenticated remote attackers to seize complete administrative control over affected systems. The vulnerability, tracked as CVE-2026-20182 and assigned a CVSS score of 10.0, affects both the SD-WAN Controller and SD-WAN Manager components—formerly known as vSmart and vManage—across all deployment configurations. Researchers Stephen Fewer and Jonah Burgess, who discovered the flaw, warned that successful exploitation grants attackers the ability to issue arbitrary NETCONF commands, enabling a broad range of hostile actions against an organization's network infrastructure.

The implications of a successful breach extend across the entire security posture of affected enterprises. Attackers who gain admin-level access could exfiltrate sensitive data traversing the SD-WAN, intercept and manipulate traffic in transit, alter firewall rules to open additional attack vectors, or simply disrupt operations by taking systems offline. Cisco's advisory confirms that no authentication is required to trigger the vulnerability, placing organizations running unpatched instances at immediate risk. Given the critical role SD-WAN plays in connecting branch offices, data centers, and cloud environments, a compromise of these controllers could give adversaries persistent access across an entire corporate network.

Cisco has stated that fixes are available and advises administrators to apply patches without delay. Security teams should prioritize patching internet-facing SD-WAN management interfaces and ensure that any instances running earlier, unaffected versions are evaluated for exposure based on their specific deployment topology. Organizations using Catalyst SD-WAN should also review access logs for signs of anomalous NETCONF activity, as the nature of the flaw means exploitation could leave minimal forensic traces. The disclosure underscores ongoing concerns about the security of network management infrastructure, which remains a high-value target for both financially motivated threat actors and state-sponsored groups seeking to establish a persistent foothold in enterprise environments.
---
- **Source**: The Register
- **Sector**: The Lab
- **Tags**: zero-day, SD-WAN, CVE-2026-20182, network security, authentication bypass
- **Credibility**: unverified
- **Published**: 2026-05-15 13:18:49
- **ID**: 83468
- **URL**: https://whisperx.ai/en/intel/83468