Cisco identified a maximum-severity authentication bypass vulnerability in its Catalyst SD-WAN Controller and Manager platforms. The company confirmed limited exploitation of this flaw occurred during May 2026.
The vulnerability allows remote, unauthenticated attackers to gain administrative privileges on affected systems. Improper validation within the authentication process for device control connections causes the security gap.
Cisco released software updates to address the critical flaw and recommends immediate application. No workarounds exist to mitigate the risk outside of the official software patch. The company has not disclosed specific details regarding the threat actors or attack methods.