Critical Vulnerabilities in Cisco Catalyst SD-WAN Manager Exploited
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Two critical vulnerabilities, CVE-2026-20122 and CVE-2026-20128, have been identified in Cisco Catalyst SD-WAN Manager, both published on 2026-02-25. CVE-2026-20122 allows authenticated remote attackers to overwrite arbitrary files via the API, while CVE-2026-20128 permits unauthenticated remote attackers to gain DCA user privileges through a credential file exploit. Both vulnerabilities were added to the CISA KEV list on 2026-04-20 due to active exploitation. Affected systems include versions prior to 20.18 of Cisco Catalyst SD-WAN Manager. Attackers can exploit these vulnerabilities to escalate privileges and potentially compromise additional systems. Organizations using vulnerable versions are urged to apply updates immediately to mitigate these risks.
Key Points: • CVE-2026-20122 allows remote file overwriting with valid API credentials. • CVE-2026-20128 enables unauthenticated access to DCA user privileges. • Both vulnerabilities are actively exploited and should be patched immediately.