Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability

A remote attacker, without authentication, can achieve full data confidentiality loss, arbitrary modification of data, complete denial of service or system unavailability. Federal agencies are required to remediate by 2026-02-27 under CISA BOD 22-01.

This is a Improper Authentication (CWE-287) vulnerability in Cisco Catalyst SD-WAN Controller and Manager. A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.  Exploitation requires remote network access, low attack complexity, no authentication required, and no user interaction required.

Probably yes if any of these apply:

CISA added this CVE to the Known Exploited Vulnerabilities catalog on 2026-02-25 based on evidence of active exploitation in the wild. Federal agencies required to remediate by 2026-02-27.