## Persistent Threat Group Actively Exploiting Cisco SD-WAN Zero-Day with Maximum Severity Rating
Cisco has issued an emergency threat advisory after a persistent threat group began exploiting a critical zero-day vulnerability in Catalyst SD-WAN Controller and Manager. The authentication bypass flaw, tracked as CVE-2026-20182, carries a CVSS score of 10—the highest possible severity rating—giving attackers the ability to obtain full administrative access without credentials.

Rapid7 discovered and reported the vulnerability to Cisco on March 9. According to Douglas McKee, director of vulnerability intelligence at Rapid7, the flaw "behaves like a master key." An attacker can present themselves to the controller as a trusted network router, and if the system accepts that claim without proper validation, they gain the highest level of administrative access. McKee described it as "the cybersecurity version of a Jedi mind trick." The attacks observed so far are limited in number, but the threat group has been linked to a series of previously disclosed vulnerabilities affecting Cisco's firewalls and SD-WAN systems, suggesting a sustained and targeted campaign against the vendor's infrastructure.

The exposure is significant given SD-WAN's role as a critical enterprise networking layer. Cisco has released patches, and organizations running affected Catalyst SD-WAN deployments should apply updates immediately. Security teams should also monitor for indicators of compromise, as the adversary has demonstrated the capability to chain multiple vulnerabilities across Cisco's product ecosystem. The disclosure adds pressure on Cisco following a pattern of security gaps in its networking hardware and software portfolio, raising questions about development practices and vulnerability response timelines.
---
- **Source**: CyberScoop RSS
- **Sector**: The Lab
- **Tags**: zero-day, CVE-2026-20182, SD-WAN, authentication bypass, Cisco
- **Credibility**: unverified
- **Published**: 2026-05-15 15:48:19
- **ID**: 83496
- **URL**: https://whisperx.ai/en/intel/83496