CVE-2026-20182 is a critical authentication bypass (CVSS 10.0) in the peering authentication mechanism of Cisco Catalyst SD-WAN Controller and Manager, affecting both on-premises and cloud deployments. Attackers can send crafted unauthenticated requests to gain high-privileged account access, then interact with NETCONF interfaces, alter SD-WAN fabric configurations, and register rogue devices into the fabric. Active exploitation has been confirmed in May 2026. Cisco has released security updates; no complete workaround exists — affected organizations must upgrade to a fixed version. CISA added CVE-2026-20182 to the Known Exploited Vulnerabilities catalog and set a federal agency patch deadline of May 17, 2026. The CVSS 10.0 score, confirmed in-the-wild exploitation, and the ability to silently insert rogue devices into SD-WAN fabrics make this a critical priority for any organization running Cisco Catalyst SD-WAN on-premises. Non-federal entities should treat the CISA deadline as a strong signal and prioritize emergency patching.