{ "title": "Cisco Catalyst SD-WAN CVE-2026-20182: KEV Control-Plane Exposure", "summary": "CISA added Cisco Catalyst SD-WAN CVE-2026-20182 to KEV on 2026-05-14. Cisco lists fixed releases across 20.9, 20.12, 20.15, 20.18, and 26.1 trains; CISA ED 26-03 provides concrete artifact selectors for rogue peering, root SSH, downgrades, and log clearing.", "date": "2026-05-26", "severity": "critical", "tags": [ "cisco", "sdwan", "cisa-kev", "zero-day", "vulnerability-response" ], "sources_count": 5, "indicators": { "slug": "cisco-sdwan-cve-2026-20182-kev", "since": "2026-05-26T00:00:00Z", "until": "2026-05-26T23:59:59Z", "ecosystem": "", "cves": [ "CVE-2026-20182" ], "cwes": [ "CWE-287" ], "advisoryIds": [], "products": [ "Catalyst SD-WAN Controller and Catalyst SD-WAN Manager" ], "packages": [], "versions": [], "affectedVersions": [], "fixedVersions": [ "20.9.9.1", "20.12.5.4", "20.12.6.2", "20.12.7.1", "20.15.4.4", "20.15.5.2", "20.18.2.2", "26.1.1.1", "20.15.506" ], "files": [], "paths": [ "master install", "system-reboot-issued", "Starting upgrade confirmation timer", "Waiting for upgrade confirmation from user", "Software upgrade not confirmed", "control-connection-state-change", "peer-type:'vhub", "remote-color", "Accepted publickey for root", "PermitRootLogin yes", "/usr/sbin/useradd cfgmgr_config_aaa_user", "cat /dev/null > wtmp", "cat /dev/null > lastlog" ], "services": [], "domains": [], "urls": [], "ips": [], "hashes": [], "processPatterns": [], "networkPatterns": [], "telemetrySelectors": [ "master install", "system-reboot-issued", "Starting upgrade confirmation timer", "Waiting for upgrade confirmation from user", "Software upgrade not confirmed", "control-connection-state-change", "peer-type:'vhub", "remote-color", "Accepted publickey for root", "PermitRootLogin yes", "/usr/sbin/useradd cfgmgr_config_aaa_user", "cat /dev/null > wtmp", "cat /dev/null > lastlog" ] } }