<p>CISA has added one new vulnerability to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation. </p> <ul type="disc"> <li><a href="https://www.cve.org/CVERecord?id=CVE-2026-20182" target="_blank">CVE-2026-20182</a> Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability </li> </ul> <p>This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.</p> <p>Note: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in <a href="https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems">Emergency Directive 26-03: Mitigate Vulnerabilities in Cisco SD-WAN Systems</a> and <a href="https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems">Supplemental Direction ED 26-03: Hunt and Hardening Guidance for Cisco SD-WAN Systems</a>. Adhere to the applicable <a href="https://www.cisa.gov/binding-operational-directive-22-01">Binding Operational Directive (BOD) 22-01</a> guidance for cloud services or discontinue use of the product if mitigations are not available.</p> <p><a href="https://www.cisa.gov/binding-operational-directive-22-01">Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities</a> established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the <a href="https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pd

Read Full Article at US-CERT Alerts →