
CISA Mandates Federal Patch for Critical Cisco Catalyst SD-WAN Auth Bypass CVE-2026-20182


A critical authentication bypass vulnerability (CVE-2026-20182, CVSS 10.0) in Cisco Catalyst SD-WAN Controller and Manager — covering both on-premises and cloud deployments — is being actively exploited. Attackers abuse a broken peering authentication mechanism to gain unauthorized access as a high-privileged non-root account, enabling NETCONF access, arbitrary network configuration changes across the SD-WAN fabric, and registration of rogue devices. Cisco has confirmed in-the-wild exploitation and released security updates; no complete workaround exists, making upgrade the only remediation path. CISA added the flaw to the Known Exploited Vulnerabilities catalog and set a binding operational directive deadline of May 17, 2026 for federal civilian agencies. For enterprise teams running Cisco Catalyst SD-WAN, the risk extends beyond federal environments — the exploit surface is the SD-WAN control plane, and a compromised controller can affect all managed branch sites. Teams should treat patching as urgent regardless of regulatory scope, audit NETCONF access logs for anomalous sessions, and verify no unauthorized devices have been registered in the fabric.
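The last sentence recommends two concrete checks: review NETCONF sessions for anomalies and confirm that every device registered in the fabric is one you actually own. The script below is an added example of how a defender might operationalise both checks against exported records; it is not code from the original post or from Cisco. The session-log line format, the account names, the IP addresses, the serial numbers and the inventory structure are all constructed for this example and do not represent Cisco's actual log or export formats; you would adapt the regular expression and the field names to whatever your controller or SIEM produces.

```python
"""Reconcile NETCONF session records and fabric device registrations against an
approved baseline. All formats and sample values here are CONSTRUCTED for this
example; they are not Cisco Catalyst SD-WAN's own log or inventory formats."""
import re
from dataclasses import dataclass

# Hypothetical session log line (constructed format, not Cisco's):
#   <timestamp> netconf session user=<account> src=<ip> status=<accepted|rejected>
SESSION_RE = re.compile(
    r"^(?P<ts>\S+) netconf session user=(?P<user>\S+) src=(?P<src>\S+) status=(?P<status>\S+)$"
)

# Constructed sample log: two normal sessions, one from an unknown source,
# one with an unexpected account, one rejected attempt from a known peer.
SAMPLE_SESSION_LOG = """\
2026-05-01T10:00:01Z netconf session user=svc-orch src=10.0.1.10 status=accepted
2026-05-01T10:02:14Z netconf session user=svc-orch src=10.0.1.11 status=accepted
2026-05-01T10:05:33Z netconf session user=svc-orch src=203.0.113.45 status=accepted
2026-05-01T10:06:02Z netconf session user=vmanage-ops src=10.0.1.10 status=accepted
2026-05-01T10:07:40Z netconf session user=svc-orch src=10.0.1.10 status=rejected
"""

# Constructed baseline: hosts that are allowed to open NETCONF sessions to the
# controller (its legitimate peers / management hosts) and the accounts they use.
APPROVED_PEERS = {"10.0.1.10", "10.0.1.11"}
APPROVED_USERS = {"svc-orch"}

# Constructed fabric registration export and authoritative asset inventory.
SAMPLE_REGISTERED = [
    {"hostname": "branch-01", "serial": "SN-0001"},
    {"hostname": "branch-02", "serial": "SN-0002"},
    {"hostname": "branch-03", "serial": "SN-0003"},
    {"hostname": "edge-x", "serial": "SN-9999"},  # not in inventory
]
INVENTORY_SERIALS = {"SN-0001", "SN-0002", "SN-0003"}


@dataclass(frozen=True)
class Finding:
    kind: str    # "unexpected_source" | "unexpected_account" | "unparsed_line"
    detail: str


def audit_netconf_sessions(log_text, approved_peers, approved_users):
    """Flag NETCONF sessions whose source host or account is outside the baseline.

    A session from an unapproved source is reported first; a session from an
    approved source but with an unexpected account is reported separately, since
    the two point at different problems (an outside party vs. misuse of a peer).
    """
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = SESSION_RE.match(line)
        if m is None:
            findings.append(Finding("unparsed_line", line))
            continue
        ts, user, src, status = m["ts"], m["user"], m["src"], m["status"]
        if src not in approved_peers:
            findings.append(Finding("unexpected_source", f"{ts} user={user} src={src} status={status}"))
        elif user not in approved_users:
            findings.append(Finding("unexpected_account", f"{ts} user={user} src={src} status={status}"))
    return findings


def find_unregistered_devices(registered, inventory_serials):
    """Return serials present in the fabric's registration list but absent from
    the authoritative inventory: candidates for rogue device registration."""
    return sorted({dev["serial"] for dev in registered} - set(inventory_serials))


if __name__ == "__main__":
    for f in audit_netconf_sessions(SAMPLE_SESSION_LOG, APPROVED_PEERS, APPROVED_USERS):
        print(f"[{f.kind}] {f.detail}")
    for serial in find_unregistered_devices(SAMPLE_REGISTERED, INVENTORY_SERIALS):
        print(f"[unknown_device] serial={serial} registered but not in inventory")
```

Both checks depend on the baseline being trustworthy: the peer list and inventory should come from a source the controller cannot rewrite (change-management records, an asset database), since on a compromised controller its own exports are exactly what an attacker could have altered. Rejected sessions from approved peers are deliberately left unflagged here; raising them as a lower-severity signal is a reasonable extension.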