VYPR
Medium severity 5.4 · NVD Advisory · Published May 14, 2026 · Updated May 14, 2026

CVE-2026-20209

Description

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to elevate their privileges from low to high and perform actions as a high-privileged user.

This vulnerability exists because sensitive session information is recorded in audit logs. An attacker could exploit this vulnerability by elevating their read-only permissions in Cisco Catalyst SD-WAN Manager to those of a high-privileged user. A successful exploit could allow the attacker to perform actions as a high-privileged user.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Authenticated read-only users can elevate to high privileges via sensitive session info in Cisco Catalyst SD-WAN Manager audit logs.

Vulnerability

Details

CVE-2026-20209 is a privilege escalation vulnerability in the web UI of Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage). The root cause is that sensitive session information is recorded in audit logs, allowing an authenticated attacker with read-only permissions to access this data and elevate their privileges.
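
The flaw class described above (session material written into audit logs that lower-privileged users can read) is usually addressed at the point where the log entry is built. The following is an added example, not Cisco's code or fix: it redacts session values before an audit event is written and flags already-written events that still carry them. The event layout, field names and key are assumptions, and the sample event is constructed.

```python
import hashlib
import hmac
import re

# Assumption: a per-deployment secret stored outside the log pipeline.
FINGERPRINT_KEY = b"constructed-demo-key"
# Hypothetical field names that carry session material; adapt to the application.
SENSITIVE_KEYS = {"cookie", "authorization", "session_id", "token", "csrf_token"}
INLINE = re.compile(r"(?i)\b(session_id|token|csrf_token)=([^;&\s]+)")


def fingerprint(secret: str) -> str:
    """Replace a secret with a keyed digest: events stay correlatable, not replayable."""
    digest = hmac.new(FINGERPRINT_KEY, secret.encode(), hashlib.sha256).hexdigest()
    return f"[redacted:{digest[:12]}]"


def redact(value, key=""):
    """Return a copy of an audit event with session material removed."""
    if isinstance(value, dict):
        return {k: redact(v, k) for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v, key) for v in value]
    if isinstance(value, str):
        if key.lower() in SENSITIVE_KEYS:
            return fingerprint(value)
        return INLINE.sub(lambda m: f"{m.group(1)}={fingerprint(m.group(2))}", value)
    return value


def find_leaks(value, path="", key=""):
    """List the paths in an already-written event that still hold session material."""
    if isinstance(value, dict):
        return [p for k, v in value.items() for p in find_leaks(v, f"{path}/{k}", k)]
    if isinstance(value, list):
        return [p for i, v in enumerate(value) for p in find_leaks(v, f"{path}/{i}", key)]
    if isinstance(value, str):
        keyed = key.lower() in SENSITIVE_KEYS and not value.startswith("[redacted:")
        inline = any(not m.group(2).startswith("[redacted:") for m in INLINE.finditer(value))
        return [path] if keyed or inline else []
    return []


# Constructed audit event (not a real product log format).
EVENT = {
    "user": "admin", "action": "template-update",
    "request": {"url": "/api/template?token=abc123&id=7",
                "headers": {"Cookie": "sid-9f8e7d", "Accept": "*/*"}},
}
```

Running `find_leaks` over stored audit records shows which entries were written with live session values and therefore which sessions should be invalidated after upgrading.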

Exploitation

An attacker must have valid credentials with read-only access to the affected system. By examining audit logs containing session tokens or similar sensitive data, the attacker can impersonate a high-privileged user. No additional network access or user interaction is required beyond initial authentication.

Impact

Successful exploitation enables the attacker to perform actions as a high-privileged user, potentially gaining full control over the SD-WAN Manager and affecting network configurations.

Mitigation

Cisco has released software updates to address this vulnerability; no workarounds are available. Administrators should upgrade to the fixed release indicated in the security advisory [2].

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
