“A vulnerability within the peering authentication in Cisco Catalyst SD-WAN Controller, previously SD-WAN vSmart, and Cisco Catalyst SD-WAN Supervisor, previously SD-WAN vManage, may permit an unauthenticated, distant attacker to bypass authentication and procure administrative privileges on an affected system,” Cisco mentioned in an advisory.
The corporate additionally confirmed that it grew to become conscious of “restricted exploitation” of the flaw in Might 2026. Nonetheless, it didn’t disclose particulars concerning the assault or menace actors concerned.
The zero-day flaw is now mounted with software program updates, and organizations are suggested to use fixes instantly, as there are not any workarounds that deal with this bug.
Attackers craft a connection for admin entry
In accordance with Cisco, the vulnerability stems from improper validation through the authentication course of used to determine management connections between SD-WAN units. It mentioned an attacker may exploit the difficulty remotely by sending crafted management connection requests to a focused system.
