Critical Cisco SD-WAN Vulnerability Under Active Attack

UAT-8616 exploits a critical Cisco SD-WAN flaw, posing threats to infrastructure with potential state-sponsored ties. Patches released by Cisco.
Content Team

A sophisticated threat actor called UAT-8616 is actively exploiting a critical authentication bypass vulnerability (CVE-2026-20182) in Cisco's SD-WAN controllers. The bug earned a perfect 10/10 severity score and allows attackers to gain administrative access without authentication.

This marks the second major Cisco SD-WAN vulnerability this year. In February, the same threat group exploited a nearly identical flaw (CVE-2026-20127) for years before detection. UAT-8616 appears undeterred by patches, quickly moving to exploit new vulnerabilities in the same product line.

The group targets critical infrastructure organizations, using compromised controllers to establish persistent access and escalate to root privileges. Researchers suggest potential Chinese state-sponsored connections. Cisco has released patches, but the pattern of recurring vulnerabilities in centralized network infrastructure highlights ongoing security challenges.

Source: Dark Reading
