CVE-2026-20122

Published: Feb 25, 2026Modified: Apr 21, 2026CISA KEV

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.5

Source: NVD

Description

A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This vulnerability is due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges.

Affected (5)

Products: Cisco: Catalyst Sd Wan Manager

Cisco

1 product

Catalyst Sd Wan Manager

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Cisco Catalyst Sd Wan Manager	Before 20.9.8.2
Cisco Catalyst Sd Wan Manager	From 20.10 to 20.12.5.3
Cisco Catalyst Sd Wan Manager	From 20.13 to 20.15.4.2
Cisco Catalyst Sd Wan Manager	From 20.16 to 20.18.2.1
Cisco Catalyst Sd Wan Manager	Version 20.12.6

Related CWEs

CWE-648

Incorrect Use of Privileged APIs

The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.

References (2)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v

Source: psirt@cisco.com

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20122

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.