Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
Summary
A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.
CISA Known Exploited Vulnerability
- Listed:
- Feb 25, 2026 · federal remediation due Feb 27, 2026
- Required action:
- Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
- Ransomware use:
- Unknown
KEV is a prioritization signal from CISA — remediation detail still comes from the vendor advisory.
- Scope: This vulnerability affects Cisco Catalyst SD-WAN Controller, Cisco Catalyst SD-WAN Manager, and Cisco Catalyst SD-WAN Validator, regardless of device configuration.
- Earlier than 20.91 — Migrate to a fixed release
- Release 20.9 (first fixed: 20.9.8.2)
- Release 20.111 (first fixed: 20.12.6.1)
- Release 20.12 (first fixed: 20.12.5.3)
- Release 20.12.6.1 (first fixed: 20.131)
- Release 20.15.4.2 (first fixed: 20.141)
- Release 20.15.4.2 (first fixed: 20.15)
- Release 20.15.4.2 (first fixed: 20.161)
- Release 20.18.2.1 (first fixed: 20.18)
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
- 20.9.8.2
- 20.12.6.1
- 20.12.5.3
- 20.131
- 20.141
- 20.15
- 20.161
- 20.18
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Earlier than 20.91: migrate to a fixed release.
- Release 20.9: upgrade to 20.9.8.2.
- Release 20.111: upgrade to 20.12.6.1.
- Release 20.12: upgrade to 20.12.5.3.
- Release 20.12.6.1: upgrade to 20.131.
- Release 20.15.4.2: upgrade to 20.141.
- Release 20.15.4.2: upgrade to 20.15.
- Release 20.15.4.2: upgrade to 20.161.
- There are no workarounds that address this vulnerability. However, as a mitigation, customers may use the following guidance to temporarily mitigate the impact of this vulnerability while they are planning to upgrade to a first fixed release.
- Action Owner On-Prem Deployment Customer Follow the guidelines in the Firewall Ports for Cisco Catalyst SD-WAN Deployments section of the Cisco Catalyst SD-WAN Getting Started Guide.
- Customers who host their own Cisco Catalyst SD-WAN deployment in their own data centers must secure intra-controller connectivity. Cisco recommends adding the access control lists (ACLs), security group rules, and/or firewall rules to restrict the traffic to port 22 and port 830 to allow only known controller IPs and other known IPs. Customers also must configure their mitigation ACLs to allow …
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.