Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
Summary
May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking.
CISA Known Exploited Vulnerability
- Listed:
- May 14, 2026 · federal remediation due May 17, 2026
- Required action:
- Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
- Ransomware use:
- Unknown
KEV is a prioritization signal from CISA — remediation detail still comes from the vendor advisory.
- Scope: This vulnerability affects Cisco Catalyst SD-WAN Controller, Cisco Catalyst SD-WAN Manager, and Cisco Catalyst SD-WAN Validator, regardless of system configuration.
- Earlier than 20.91 — Migrate to a fixed release
- Release 20.9 (first fixed: 20.9.9.1)
- Release 20.10 (first fixed: 20.12.7.1)
- Release 20.111 (first fixed: 20.12.7.1)
- Release 20.12 (first fixed: 20.12.5.4)
- Release 20.12.6.2 (first fixed: 20.12.7.1)
- Release 20.131 (first fixed: 20.15.5.2)
- Release 20.141 (first fixed: 20.15.5.2)
- Release 20.15 (first fixed: 20.15.4.4)
- Release 20.15.5.2 (first fixed: 20.161)
- Release 20.18.2.2 (first fixed: 20.18)
- Release 20.18.2.2 (first fixed: 26.1)
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
- 20.9.9.1
- 20.12.7.1
- 20.12.5.4
- 20.15.5.2
- 20.15.4.4
- 20.161
- 20.18
- 26.1
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Earlier than 20.91: migrate to a fixed release.
- Release 20.9: upgrade to 20.9.9.1.
- Release 20.10: upgrade to 20.12.7.1.
- Release 20.111: upgrade to 20.12.7.1.
- Release 20.12: upgrade to 20.12.5.4.
- Release 20.12.6.2: upgrade to 20.12.7.1.
- Release 20.131: upgrade to 20.15.5.2.
- Release 20.141: upgrade to 20.15.5.2.
- There are no workarounds that address this vulnerability.
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.