Intelligence Feed
CVE-2026-20182: Critical authentication bypass in Cisco Catalyst SD-WAN Controller (FIXED)
Rapid7 Blog
14 May 2026
SEV 8/10
Jonah Burgess | Stephen Fewer | May 14, 2026 | Last updated on May 14, 2026
While researching a critical authentication bypass vulnerability, CVE-2026-20127, which was exploited in the wild, Rapid7 Labs discovered a new authentication bypass vulnerability affecting Cisco Catalyst SD-WAN Controller (formerly known as vSmart), CVE-2026-20182. This new authentication bypass vulnerability affects the “vdaemon” service over DTLS (UDP port 12346), which is the same service that was vulnerable to CVE-2026-20127. The new vulnerability is not a patch bypass of CVE-2026-20127.
When IT Support Calls: Dissecting a ModeloRAT Campaign from Teams to Domain Compromise
Rapid7 Blog
13 May 2026
SEV 9/10
Pluribus and the Path to Domain Compromise: A ModeloRAT Case Study
Anna Širokova | May 13, 2026 | Last updated on May 13, 2026
Attackers do not need to break into the front door when they can convince employees to open it for them through the tools they already trust. In April 2026, Rapid7 investigated an enterprise intrusion that began with a Microsoft Teams message from a fake “IT Support” account and quickly escalated into a full compromise chain involving malware deployment, privilege escalation, credential theft, lateral movement, and exfiltration. The incident illustrates a critical risk for modern enterprises: Collaboration platforms have become part of the attack surface, and when combined with identity abuse and Living-off-the-Land techniques, they can provide attackers with a low-friction path into the environment.
Patch Tuesday - May 2026
Rapid7 Blog
13 May 2026
SEV 8/10
Adam Barnett | May 13, 2026 | Last updated on May 13, 2026
Microsoft is publishing 137 vulnerabilities on May 2026 Patch Tuesday. Microsoft is not aware of exploitation in the wild or public disclosure for any of these vulnerabilities. So far this month, Microsoft has provided patches to address 133 browser vulnerabilities, which are not included in the Patch Tuesday count above.
CVE-2026-41940: cPanel & WHM Authentication Bypass
Rapid7 Blog
29 Apr 2026
SEV 9/10
Rapid7 | Apr 29, 2026 | Last updated on May 5, 2026
On April 28, 2026, cPanel issued a security update to fix a critical vulnerability affecting the cPanel & WHM WP Squared products. In the cPanel release notes, the bug was described as "an issue with session loading and saving." CVE-2026-41940, the identifier subsequently assigned on April 29, 2026, has a CVSS score of and allows unauthenticated remote attackers to bypass authentication and gain unauthorized administrative access to the affected systems. First-party vendor advisories are available.