By Connor Jones
Publication Date: 2026-05-15 11:15:00
Patches
CISA hands feds super-tight deadline for this perfect-10, actively exploited flaw
Cisco admins face emergency patch duty after Switchzilla disclosed a max-severity make-me-admin bug affecting Catalyst SD-WAN Controller and Manager.
Switchzilla dropped an advisory for CVE-2026-20182 (10.0) on Thursday, saying that both components, formerly known as vSmart and vManage, were vulnerable in all deployment types, and that fixes were available.
The bug allows unauthenticated remote attackers to bypass authentication and gain admin privileges on an affected system.
According to Rapid7, whose researchers Stephen Fewer and Jonah Burgess found the vulnerability, attackers exploiting CVE-2026-20182 could then start issuing arbitrary NETCONF commands.
It means they could steal data, intercept traffic, manipulate an organization’s firewall rules, or just bring the network down, opening up opportunities for attackers of all…