Cisco

Cisco Advisories Vulnerability Disclosure Cisco May 20

Cisco Secure Workload Unauthorized API Access Vulnerability

A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resour...

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco May 20

Cisco ThousandEyes Virtual Appliance Authenticated Remote Code Execution Vulnerability

A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote attacker to execute commands on ...

T1190

Cisco Advisories →

Cisco Advisories Vulnerability Disclosure Cisco May 20

Cisco ThousandEyes Enterprise Agent BrowserBot Command Injection Vulnerability

A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary ...

T1059

Cisco Advisories →

The Hacker News Data Breach Cisco May 18

⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More

Monday opens with a trust problem. A mail server flaw is under active use.

T1598

The Hacker News →

SC Media General Cisco May 15

10.0 Cisco Catalyst SD-WAN Controller bug added to CISA’s KEV list

Maximum-severity bug an authentication bypass flaw that’s considered the highest value target in an attacker’s playbook.

T1556

SC Media →

Cyberscoop Zero-Day Cisco May 15

Cisco zero-day under ongoing attack by persistent threat group

The threat group behind the attacks is also linked to a series of recently disclosed vulnerabilities in the vendor’s firewalls and SD-WAN systems. The post C...

Cyberscoop →

The Record Vulnerability Disclosure Cisco May 15

CISA orders all federal agencies to patch exploited bug in Cisco SD-WAN systems by Sunday

Cisco released a patch for the vulnerability on Thursday, writing in an advisory that it could “allow an unauthenticated, remote attacker to bypass authentic...

The Record →

Help Net Security Zero-Day Cisco May 15

Cisco patches another actively exploited SD-WAN zero-day (CVE-2026-20182)

Cisco has patched yet another Catalyst SD-WAN Controller authentication bypass vulnerability (CVE-2026-20182) that has been exploited as a zero-day by “a hig...

T1556 1 IOC

Help Net Security →

CSO Online Vulnerability Disclosure Cisco May 15

Cisco warns of an actively exploited SD-WAN flaw with max severity

Cisco has disclosed a max-severity authentication bypass vulnerability affecting its Catalyst SD-WAN Controller and Catalyst SD-WAN Manager platforms, warnin...

T1556

CSO Online →

GBHackers CVE Cisco May 15

Cisco Catalyst SD-WAN Controller Flaw Under Active Exploitation for Admin Access

Cisco has disclosed a critical vulnerability in its Catalyst SD-WAN platform that is already being exploited in the wild, allowing attackers to gain administ...

1 IOC

GBHackers →

SecurityWeek Zero-Day Cisco May 15

Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026

The zero-day, tracked as CVE-2026-20182, has been exploited in targeted attacks by a sophisticated threat actor identified as UAT-8616. The post Cisco Patche...

1 IOC

SecurityWeek →

The Hacker News CVE Cisco May 15

CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits

The U.S.

T1556 1 IOC

The Hacker News →

Tenable Blog Zero-Day Cisco May 15

Frequently asked questions about the continued exploitation of Cisco Catalyst SD-WAN vulnerabilities (CVE-2026-20182)

Multiple critical authentication bypass vulnerabilities in Cisco Catalyst SD-WAN Controller and Manager are under active exploitation by multiple threat clus...

T1556 1 IOC

Tenable Blog →

SC Media Campaigns Cisco May 15

Fake job interviews used to deploy JobStealer malware

The campaign involves scammers posing as recruiters and inviting victims to online interviews via custom platforms that mimic legitimate services like Cisco ...

SC Media →

BleepingComputer Zero-Day Cisco May 14

Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks

Cisco is warning that a critical Catalyst SD-WAN Controller authentication bypass flaw, tracked as CVE-2026-20182, was actively exploited in zero-day attacks...

T1556 1 IOC

BleepingComputer →

Security Affairs CVE Cisco May 14

U.S. CISA adds a flaw in Cisco Catalyst SD-WAN  to its Known Exploited Vulnerabilities catalog

The U.S.

1 IOC

Security Affairs →

The Hacker News CVE Cisco May 14

Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access

Cisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller that it said has been exploited in limited ...

T1556 1 IOC

The Hacker News →

Cisco Advisories Vulnerability Disclosure Cisco May 14

Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the Cisco Catalyst SD-WAN C...

T1556

Cisco Advisories →

Cisco Advisories Advisory Cisco May 14

Cisco Catalyst SD-WAN Manager Vulnerabilities

Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow a remote attacker to gain access to sensitive information, el...

Cisco Advisories →

Rapid7 Blog CVE Cisco Rapid7 May 14

CVE-2026-20182: Critical authentication bypass in Cisco Catalyst SD-WAN Controller (FIXED)

Overview While researching a critical authentication bypass vulnerability, CVE-2026-20127, which was exploited in-the-wild, Rapid7 Labs discovered a new auth...

T1556 2 IOCs

Rapid7 Blog →