High severity7.5CISA KEVNVD Advisory· Published Feb 25, 2026· Updated Apr 21, 2026
CVE-2026-20128
CVE-2026-20128
Description
A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system.
This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges. Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*range: <20.9.8.2
- cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.12.6:*:*:*:*:*:*:*
- (no CPE)range: <20.18
Patches
Vulnerability mechanics
References
2- sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4vnvdVendor Advisory
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource
News mentions
15- Cisco discloses second exploited SD-WAN vulnerability in two weeks (CVE-2026-20262)Help Net Security · Jun 16, 2026
- Cisco Patches Another SD-WAN Zero-Day Exploited in AttacksSecurityWeek · Jun 16, 2026
- Cisco Releases Security Updates for Actively Exploited SD-WAN Manager FlawThe Hacker News · Jun 16, 2026
- Cisco fixes SD-WAN vManage flaw exploited in zero-day attacksBleepingComputer · Jun 15, 2026
- Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch AvailableThe Hacker News · Jun 6, 2026
- Yet another Cisco SD-WAN 0-day under attack, and no patch in sightThe Register Security · Jun 5, 2026
- Cisco warns of unpatched SD-WAN zero-day exploited in attacksBleepingComputer · Jun 5, 2026
- Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026SecurityWeek · Jun 5, 2026
- New Cisco SD-WAN Zero-Day Grants Admin AccessGovInfoSecurity · May 19, 2026
- Cisco zero-day under ongoing attack by persistent threat groupCyberScoop · May 15, 2026
- Cisco patches another actively exploited SD-WAN zero-day (CVE-2026-20182)Help Net Security · May 15, 2026
- Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026SecurityWeek · May 15, 2026
- CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access ExploitsThe Hacker News · May 15, 2026
- Frequently asked questions about the continued exploitation of Cisco Catalyst SD-WAN vulnerabilities (CVE-2026-20182)Tenable Blog · May 15, 2026
- Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilitiesCisco Talos Intelligence · May 14, 2026