Medium severity5.4NVD Advisory· Published May 14, 2026· Updated May 14, 2026
CVE-2026-20210
CVE-2026-20210
Description
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system.
This vulnerability exists because of a failure to redact sensitive information within device configurations and templates. An attacker could exploit this vulnerability by elevating their read-only permissions to those of a high-privileged user. A successful exploit could allow the attacker to access or modify configuration settings within Cisco Catalyst SD-WAN Manager as a high-privileged user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
2News mentions
1- Cisco patches another actively exploited SD-WAN zero-day (CVE-2026-20182)Help Net Security · May 15, 2026