CISA Adds One Known Exploited Vulnerability to Catalog

p CISA has added nbsp;one nbsp;new vulnerability nbsp;to its nbsp; a href= https://www.cisa.gov/known-exploited-vulnerabilities-catalog Known Exploited Vulnerabilities (KEV) Catalog /a , based on evidence of active exploitation. nbsp; /p ul type= disc li a href= https://www.cve.org/CVERecord?id=CVE-2026-20182 target= _blank CVE-2026-20182 /a nbsp;Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability nbsp; /li /ul p This nbsp;type of vulnerability is a nbsp;frequent attack vector for malicious cyber actors and poses nbsp;significant risks to the federal enterprise. /p p Note: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in nbsp; a href= https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems Emergency Directive 26-03: nbsp;Mitigate Vulnerabilities in Cisco SD-WAN Systems /a nbsp;and nbsp; a href= https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems Supplemental Direction ED 26-03: Hunt and Hardening Guidance for Cisco SD-WAN Systems /a . Adhere to the applicable nbsp; a href= https://www.cisa.gov/binding-operational-directive-22-01 Binding Operational Directive (BOD) 22-01 /a nbsp;guidance for cloud services or nbsp;discontinue nbsp;use of the product if mitigations are not available. /p p a href= https://www.cisa.gov/binding-operational-directive-22-01 Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities /a nbsp;established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the nbsp; a href= https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf BOD 22-01 Fact Sheet /a nbsp;for more information. nbsp; /p p Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing nbsp;timely nbsp;remediation of nbsp; a href= https://www.cisa.gov/known-exploited-vulnerabilities-catalog KEV Catalog vulnerabilities /a nbsp;as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the nbsp; a href= https://www.cisa.gov/known-exploited-vulnerabilities specified criteria /a . nbsp; /p