Cisco Catalyst SD-WAN Vulnerabilities

Act Now | 9.8 | cisco-sa-sdwan-authbp-qwCX8D4v | Feb 25, 2026
Cisco
IT in OT - Cisco networking products are commonly deployed in OT environments
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Multiple authentication bypass and privilege escalation vulnerabilities in Cisco Catalyst SD-WAN Manager allow unauthenticated attackers to access the system, escalate privileges to root, access sensitive information, and modify arbitrary files. All versions are affected. Cisco has released software updates to address these issues.

What this means
What could happen
An attacker could gain unauthorized access to your SD-WAN Manager, escalate to root-level control, steal sensitive data about your network configuration, and modify critical files that control your WAN operations.
Who's at risk
Any organization running Cisco Catalyst SD-WAN Manager (all versions) is affected. This primarily impacts enterprises and service providers who use Cisco SD-WAN solutions for managing wide-area networks, particularly those connecting multiple branch offices or data centers.
How it could be exploited
An attacker on the network sends a specially crafted request to the SD-WAN Manager's web interface. The vulnerability allows bypass of authentication controls, leading to unauthorized access. Once in, the attacker can escalate privileges to root and perform file operations with system-level permissions.
Prerequisites
  • Network access to the SD-WAN Manager web interface (typically port 443)
  • No authentication credentials required
remotely exploitable, no authentication required, low complexity, high EPSS score, affects network control system
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (1)
Product | Affected Versions | Fix Status
Catalyst SD-WAN Manager | All versions | Fix available
Remediation & Mitigation
Do now
HOTFIX: Update Catalyst SD-WAN Manager to the patched version released by Cisco
API: /api/v1/advisories/6722e479-a770-4d52-a1bc-f3324070638a
