High severity8.6NVD Advisory· Published May 14, 2026· Updated May 14, 2026

CVE-2026-20224

Description

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to read arbitrary files that are stored in an affected system. The attacker does not need to have valid user credentials.

This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to read arbitrary files that are stored in the affected system.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An unauthenticated XXE vulnerability in Cisco Catalyst SD-WAN Manager allows remote attackers to read of arbitrary files via crafted XML request.

Vulnerability

Overview

An XML External Entity (XXE) vulnerability exists in the web UI of Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage). The root cause is improper handling of XXE entries when the application parses XML files. This flaw permits an unauthenticated, remote attacker to read arbitrary files stored on the affected system [2].

Exploitation

Conditions

Exploitation does not require valid user credentials or any prior authentication. The attacker simply sends a crafted a malicious XML request and sends it to the vulnerable web interface of the SD-WAN Manager. No special network access is needed beyond reachability to the management interface [2].

Impact

Successful exploitation allows the attacker to read arbitrary files from the file system of the affected Cisco Catalyst SD-WAN Manager. This could expose sensitive configuration data, credentials, or other confidential operational information, potentially aiding in further compromise of the SD-WAN fabric [2].

Mitigation

Cisco has released software updates that address this vulnerability. There are no workarounds. Customers are strongly advised to upgrade to the fixed software versions specified in the Cisco Security Advisory [2].

References

Cisco Security Advisory: Cisco Catalyst SD-WAN Manager Vulnerabilities

AI Insight generated by deepseek/deepseek-v4-flash-20260423 on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Cisco Systems, Inc./Catalyst SD-WAN Managerllm-fuzzy

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

Cisco patches another actively exploited SD-WAN zero-day (CVE-2026-20182)
Help Net Security · May 15, 2026

cvss	0.559
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000