Multiple critical vulnerabilities in Cisco Catalyst SD-WAN Manager (CVE-2026-20122, CVE-2026-20126, CVE-2026-20128) allow unauthorized access, privilege escalation to root, sensitive information disclosure, and arbitrary file overwrite. These vulnerabilities affect multiple version ranges, including Catalyst SD-WAN Manager versions earlier than 20.9.8.2, specific builds within the 20.10-20.12, 20.13-20.15, and 20.16-20.18 branches, as well as version 20.12.6. Cisco has released fixed versions including 20.9.8.2, 20.12.5.3, 20.15.4.2, and 20.18.2.1, and states there are no available workarounds, requiring immediate patching.
Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an attacker to access an affected system, elevate privileges to root, gain access to sensitive information, and overwrite arbitrary files. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. Cisco strongly recommends that customers upgrade to the fixed software indicated in this advisory. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v <br/>Security Impact Rating: Critical <br/>CVE: CVE-2026-20122,CVE-2026-20126,CVE-2026-20128,CVE-2026-20129,CVE-2026-20133