# CVE-2026-20182

> May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show Control Connections guidance to help with system checks.
>
> A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain

- **CVSS:** 10 (CRITICAL)
- **EPSS:** 77.3%
- **CISA KEV:** yes (known ransomware use)
- **CWE:** CWE-287

Canonical: https://intel.threadlinqs.com/cve/CVE-2026-20182
