Multiple critical vulnerabilities in Cisco Catalyst SD-WAN Manager (formerly vManage) allow attackers to gain system access, elevate privileges to root, access sensitive information, and overwrite arbitrary files. The most severe of these, CVE-2026-20126, has a CVSS score of 8.8 (High). Affected versions span multiple release trains, including versions prior to 20.9.8.2 and specific ranges up to versions before 20.18.2.1. Cisco has released fixed versions, including 20.9.8.2, 20.12.5.3, 20.15.4.2, and 20.18.2.1, and there are no available workarounds.
Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an attacker to access an affected system, elevate privileges to root, gain access to sensitive information, and overwrite arbitrary files. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v <br/>Security Impact Rating: Critical <br/>CVE: CVE-2026-20122,CVE-2026-20126,CVE-2026-20128,CVE-2026-20129,CVE-2026-20133