“A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system,” Cisco said in an advisory.
The company also confirmed that it became aware of “limited exploitation” of the flaw in May 2026. However, it did not disclose details about the attack or threat actors involved.
The zero-day flaw is now fixed with software updates, and organizations are advised to apply fixes immediately, as there are no workarounds that address this bug.
Attackers craft a connection for admin access
According to Cisco, the vulnerability stems from improper validation during the authentication process used to establish control connections between SD-WAN devices. It said an attacker could exploit the issue remotely by sending crafted control connection requests to a targeted system.
