Cyber·Monitoring
Shai-Hulud Supply-Chain Attack Trojanizes 19 PyPI Packages
PyPI repository (global online service)· Global4 Jun
5 reportsPROPCYCAS
MediumAI Refreshed
ClosedMedium impactAI Generated
CISA Adds Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability to KEV Catalog
Occurred 14 May 2026·Detected 23 May 2026·
🇺🇸 United States federal enterprise and critical infrastructure networks; CISA headquartered in Washington, D.C. Vulnerability impact is nationwide and potentially global wherever Cisco Catalyst SD-WAN is deployed.1 reportEnded 29 May 2026
Cyber
CISA has added CVE-2026-20182, a Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation. The vulnerability poses significant risk to federal and critical infrastructure networks. CISA has issued Emergency Directive 26-03 requiring Federal Civilian Executive Branch agencies to remediate the flaw and urges all organizations to prioritize patching.
AI-generated from linked source reports. See our correction policy.
Impact verdict
Medium impact. MEDIUM: Third-pass historical recalibration. This cyber advisory, vulnerability, or threat-report item is relevant to Cyber and technology-dependent Property/Casualty books, but it does not evidence confirmed insured loss, claims activity, ransomware/business interruption, critical infrastructure outage, major named-victim operational disruption, or quantified market impact sufficient for HIGH.
View assessment methodologyHow we grade what we know -- Known · Reported · Uncertain. Methodology →
Geographic Zone Matches
1 active match
- TRIA Certified AreasRule-basedConfidence 100%
Geographic zone matches are RiskEvents spatial/analytical indicators, not coverage determinations or Lloyd's official classifications.
Affected countries
🇺🇸 United States
Timeline
Status Change2 Jun 2026, 13:05
Lifecycle changed
monitoring → closed
Closure2 Jun 2026, 13:05
Event Closed
auto_closed_monitoring_timeout
Status Change29 May 2026, 05:30
Status changed to monitoring
Auto-transitioned: no updates for 6 hours
active → monitoring
Status Change28 May 2026, 22:34
Status changed to active
evidence_trigger: authoritative_fast_track
signal → active
De-escalation25 May 2026, 17:47
Impact changed
high → medium
Initial Detection23 May 2026, 21:34
Initial Detection
CISA has added CVE-2026-20182, a Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation. The vulnerability poses significant risk to federal and critical infrastructure networks. CISA has issued Emergency Directive 26-03 requiring Federal Civilian Executive Branch agencies to remediate the flaw and urges all organizations to prioritize patching.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-20182 Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
Source: CISA Advisories (Official Advisory) · View source
Lloyd's classifications
Tracking this kind of risk? Get an email when Cyber events escalate.
Get alerts