Unrated severityNVD Advisory· Published Feb 25, 2026· Updated Mar 20, 2026

Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability

CVE-2026-20126

Description

A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gain root privileges on the underlying operating system.

This vulnerability is due to an insufficient user authentication mechanism in the REST API. An attacker could exploit this vulnerability by sending a request to the REST API of the affected system. A successful exploit could allow the attacker to gain root privileges on the underlying operating system.

Affected products

Cisco Systems, Inc./Catalyst SD-WAN Managerllm-fuzzy
Cisco/Cisco Catalyst SD-WAN Managerv5
Range: 20.1.12

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4vmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000