Live Cybersecurity News Ticker | Codekeeper

Critical Cisco SD-WAN Vulnerability Under Active Attack

Written by Content Team | May 15, 2026 12:17:37 PM

A sophisticated threat actor called UAT-8616 is actively exploiting a critical authentication bypass vulnerability (CVE-2026-20182) in Cisco's SD-WAN controllers. The bug, which earned a perfect 10/10 severity score, allows attackers to gain administrative access without authentication.

This marks the second major Cisco SD-WAN vulnerability this year. In February, the same threat group exploited a nearly identical flaw (CVE-2026-20127) for years before detection. UAT-8616 appears undeterred by patches, quickly moving to exploit new vulnerabilities in the same product line.

The group targets critical infrastructure organizations, using compromised controllers to establish persistent access and escalate to root privileges. Researchers suggest potential Chinese state-sponsored connections. Cisco has released patches, but the pattern of recurring vulnerabilities in centralized network infrastructure highlights ongoing security challenges.

Source: Dark Reading