VYPR
Medium severity5.4NVD Advisory· Published May 14, 2026· Updated May 14, 2026

CVE-2026-20209

CVE-2026-20209

Description

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to elevate their privileges from low to high and perform actions as a high-privileged user.

This vulnerability exists because sensitive session information is recorded in audit logs. An attacker could exploit this vulnerability by elevating their read-only permissions in Cisco Catalyst SD-WAN Manager to those of a high-privileged user. A successful exploit could allow the attacker to perform actions as a high-privileged user.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1

Patches

Vulnerability mechanics

References

2

News mentions

1