CVE-2026-20182: Cisco Catalyst SD-WAN Auth Bypass Under Active Exploitation — Detection, Patching, and Hardening
CVE-2026-20182 is a CVSS 10.0 authentication bypass in Cisco Catalyst SD-WAN actively exploited by nation-state actor UAT-8616. With CISA Emergency Directive 26-03 issued, this guide covers the DTLS handshake flaw, attacker TTPs, detection commands, patching steps, and hardening requirements to protect your SD-WAN fabric.