CVE-2026-20122: Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability
Summary
Cisco Catalyst SD-WAN Manager has a vulnerability (CVE-2026-20122) where an attacker can exploit improper file handling in privileged APIs to upload a malicious file. A successful exploit allows overwriting arbitrary files and gaining vmanage user privileges on the affected system.
IFF Assessment
The vulnerability allows an attacker to gain elevated privileges and manipulate system files, posing a significant threat to the integrity and confidentiality of the affected infrastructure.
Severity
This vulnerability involves an attacker being able to overwrite arbitrary files and gain administrative privileges (vmanage user), indicating a high level of impact and exploitability through a web-based attack vector.
CISA KEV: Listed as actively exploited. Federal patch due: April 23, 2026. Known ransomware use: Unknown.
Defender Context
This vulnerability in Cisco Catalyst SD-WAN Manager requires immediate attention from defenders, especially those in federal agencies with a specific deadline. Organizations should review CISA's directives and hardening guidance to assess their exposure and implement necessary mitigations to prevent unauthorized access and system compromise.