Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026
The zero-day, tracked as CVE-2026-20182, has been exploited in targeted attacks by a sophisticated threat actor identified as UAT-8616. The post Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026 appeared first on SecurityWeek.
Cisco on Thursday announced the availability of patches for yet another critical SD-WAN zero-day vulnerability that has been exploited in attacks. It is the sixth SD-WAN flaw whose exploitation came to light in 2026.
The new SD-WAN zero-day is tracked as CVE-2026-20182, and it has been described by Cisco as an authentication bypass vulnerability that can allow a remote attacker to gain admin privileges on the targeted system via specially crafted packets.
The vulnerability affects the peering authentication mechanism in Cisco Catalyst SD-WAN Controller (formerly SD-WAN vSmart) and Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage).
Source: https://www.securityweek.com/cisco-patches-another-sd-wan-zero-day-the-sixth-exploited-in-2026/
Related breach coverage
- Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild2026-05-15
Microsoft has shared mitigations for CVE-2026-42897 until a permanent patch can be released for affected Exchange Server versions. The post Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild appeared first on SecurityWeek.
- Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises2026-05-13
CVE-2026-40361 is similar to a vulnerability found a decade ago, BadWinmail, which at the time was dubbed an “enterprise killer”. The post Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises appeared first on SecurityWeek.
- First Shai-Hulud Worm Clones Emerge2026-05-18
At least one threat actor has adopted the recently released malware source code in attacks against NPM developers. The post First Shai-Hulud Worm Clones Emerge appeared first on SecurityWeek.
- Grafana Confirms Breach After Hackers Claim They Stole Data2026-05-18
Grafana appears to have been targeted by Coinbase Cartel, a cybercrime group linked to ShinyHunters, Scattered Spider, and Lapsus$. The post Grafana Confirms Breach After Hackers Claim They Stole Data appeared first on SecurityWeek.