CISA adds Cisco SD-WAN auth bypass CVE-2026-20182 to KEV catalog
BOD 22-01 remediation deadlines are binding for FCEB agencies; ED 26-03 and its supplemental hardening guidance set the specific patch path.
TL;DR
CISA added CVE-2026-20182, a Cisco Catalyst SD-WAN Controller authentication bypass vulnerability, to the Known Exploited Vulnerabilities catalog based on evidence of active exploitation. Federal Civilian Executive Branch agencies must remediate under Binding Operational Directive 22-01 or discontinue use; Emergency Directive 26-03 and its supplemental hunt-and-hardening guidance govern the specific mitigation path. Non-federal organizations with SD-WAN infrastructure in remote access or branch connectivity roles should treat this as a prioritized patch.
CISA's addition is a standard KEV catalog update. No new deadline mechanism or enforcement layer accompanies it; the remediation obligation for FCEB agencies already runs through BOD 22-01, and the specific patch and interim-control requirements were established in Emergency Directive 26-03 and its Supplemental Direction. Agencies that have not yet acted on ED 26-03 guidance should verify their compliance posture against the KEV-catalog entry, which formalizes the active-exploitation basis for the earlier directive.
For non-federal contractors and state agencies, the practical instruction is unchanged: consult the ED 26-03 supplemental for hunt scripts and hardening steps, apply the vendor patch, and document the remediation for any RMF or CMMC audit trail that covers SD-WAN infrastructure.
Published ·Updated ·Deep Fathom