Skip to content
Overview While researching a critical authentication bypass vulnerability, CVE-2026-20127, which was exploited in-the-wild, Rapid7 Labs discovered a new authentication bypass vulnerability affecting Cisco Catalyst SD-WAN Controller (formerly known as vSmart), CVE-2026-20182. This new authentication bypass vulnerability affects the “vdaemon” service over DTLS (UDP port 12346), which is the same ser...