Medium severity5.4CISA KEVNVD Advisory· Published Feb 25, 2026· Updated Apr 21, 2026
CVE-2026-20122
CVE-2026-20122
Description
A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system.
This vulnerability is due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*range: <20.9.8.2
- cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.12.6:*:*:*:*:*:*:*
- (no CPE)
Patches
Vulnerability mechanics
References
2- sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4vnvdVendor Advisory
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource
News mentions
15- Cisco discloses second exploited SD-WAN vulnerability in two weeks (CVE-2026-20262)Help Net Security · Jun 16, 2026
- Cisco Patches Another SD-WAN Zero-Day Exploited in AttacksSecurityWeek · Jun 16, 2026
- Cisco Releases Security Updates for Actively Exploited SD-WAN Manager FlawThe Hacker News · Jun 16, 2026
- Cisco fixes SD-WAN vManage flaw exploited in zero-day attacksBleepingComputer · Jun 15, 2026
- Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch AvailableThe Hacker News · Jun 6, 2026
- Yet another Cisco SD-WAN 0-day under attack, and no patch in sightThe Register Security · Jun 5, 2026
- Cisco warns of unpatched SD-WAN zero-day exploited in attacksBleepingComputer · Jun 5, 2026
- Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026SecurityWeek · Jun 5, 2026
- New Cisco SD-WAN Zero-Day Grants Admin AccessGovInfoSecurity · May 19, 2026
- Cisco zero-day under ongoing attack by persistent threat groupCyberScoop · May 15, 2026
- Cisco patches another actively exploited SD-WAN zero-day (CVE-2026-20182)Help Net Security · May 15, 2026
- Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026SecurityWeek · May 15, 2026
- CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access ExploitsThe Hacker News · May 15, 2026
- Frequently asked questions about the continued exploitation of Cisco Catalyst SD-WAN vulnerabilities (CVE-2026-20182)Tenable Blog · May 15, 2026
- Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilitiesCisco Talos Intelligence · May 14, 2026