34 matches found
CVE-2026-20210
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system. This vulnerability exists because of a failure to reda...
CISA and Partners Release Guidance for Ongoing Global Exploitation of Cisco SD-WAN Systems
Update May 14, 2026: CISA has updated this Alert to include additional vulnerabilities, CVE-2026-20133 and CVE-2026-20182 and associated resources. The purpose of this Alert is to provide resources for organizations with Cisco Software-Defined Wide-Area Networking (SD-WAN) systems, including Federa...
Siemens APE1808 Exposure of Sensitive System Information to an Unauthorized Control Sphere (CVE-2025-4229)
An information disclosure vulnerability in the SD-WAN feature of Palo Alto Networks PAN-OS software enables an unauthorized user to view unencrypted data sent from the firewall through the SD-WAN interface. This requires the user to be able to intercept packets sent from the firewall. This plugin...
Exploit for Path Traversal in Cisco Catalyst_Sd-Wan_Manager
🦅 BlueFalconInk — CISA ED 26-03 Compliance Tracker Built by...
Cisco Catalyst SD-WAN Vulnerabilities (cisco-sa-sdwan-authbp-qwCX8D4v)
According to its self-reported version, Cisco SD-WAN Viptela Software is affected by multiple vulnerabilities. - A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has...
CVE-2026-20126
A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gain root privileges on the underlying operating system. This vulnerability is due to an insufficient user authentication mechanism in the REST API. An attacker could exploit this...
HPE EdgeConnect SD-WAN Orchestrator Security Vulnerability
HPE EdgeConnect SD-WAN Orchestrator is a centralized SD-WAN management platform from HPE America. It provides complete visibility and control over the WAN. A security vulnerability exists in HPE EdgeConnect SD-WAN Orchestrator that stems from the presence of stored cross-site scripting in the web...
CVE-2025-11192
A vulnerability in Extreme Networks’ Fabric Engine VOSS before 9.3 was discovered. When SD-WAN AutoSense is enabled on a port, it may automatically configure fabric connectivity without validating ISIS authentication settings. The SD-WAN AutoSense implementation may be exploited by malicious acto...
Cisco SD-WAN vEdge Software Access Control List Bypass Vulnerability
A vulnerability in the access control list (ACL) processing of IPv4 packets of Cisco SD-WAN vEdge Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the improper enforcement of the implicit deny all at the end of a configured ACL. An...
Vulnerabilities fixed in Palo Alto PAN OS
Palo Alto Networks has fixed vulnerabilities in PAN-OS. The vulnerabilities include an information leak in the SD-WAN feature, which allows unauthorized users to intercept packets and access unsecured data from the firewall. This poses a risk to sensitive information being transmitted. In additio...
Versa Concerto SD-WAN Security Vulnerability
Versa Concerto SD-WAN is an easy-to-use user interface from Versa for configuring and monitoring Versa OS devices in a secure SD-WAN. A security vulnerability exists in Versa Concerto SD-WAN versions 12.1.2 through 12.2.0, which stems from an authentication bypass in the Traefik Reverse Proxy...
Dell SmartFabric OS10 Command Injection Vulnerability (CNVD-2025-15191)
Dell SmartFabric OS10 is a software-defined network operating system from Dell Networking, based on Linux and open source technologies, designed to enable flexible management and automated deployment of data center network resources. Dell SmartFabric OS10 suffers from a command injection...
Hewlett Packard Enterprise EdgeConnect SD-WAN Security Vulnerability
Hewlett Packard Enterprise EdgeConnect SD-WAN is Hewlett Packard Enterprise's secure network foundation for Zero Trust and SASE. It includes best-in-class SD-WAN and next-generation firewalls that deliver unrivaled quality of experience and advanced security. A security vulnerability exists in...
Cisco Catalyst Security Vulnerability
Cisco Catalyst SD-WAN Manager is an SD-WAN network management program from Cisco USA. A security vulnerability exists in the session management system of the Cisco Catalyst SD-WAN Manager multi-tenant feature, which can be exploited by a remote attacker to submit a special request for unauthorize...
CVE-2023-37435
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and...
Cisco SD-WAN vManage Software Information Disclosure Vulnerability
Cisco SD-WAN vManage Software is a management software for SD-WAN (Software Defined Wide Area Network) solutions from Cisco, U.S. An information disclosure vulnerability exists in Cisco SD-WAN vManage Software, which could be exploited by attackers to read sensitive information on the underlying...
Resource Management Error Vulnerability in Multiple Cisco Products
Cisco IOS and others are products of Cisco, Inc. Cisco IOS is a set of operating systems developed for its network devices. IOS XE is a set of operating systems developed for its network devices. SD-WAN Software is one of the software-defined WAN software. Cisco IOS XE Software is an operating system...
Cisco SD-WAN Security Vulnerability
Cisco SD-WAN is a highly secure cloud-scale architecture that is open, programmable, and scalable from Cisco USA. A security vulnerability exists in Cisco SD-WAN that results from improper protection of file access through the CLI. The vulnerability could allow an authenticated local attacker to...
Cisco SD-WAN vManage Input Validation Error Vulnerability
Cisco SD-WAN vManage is a software from Cisco that provides software-defined networking capabilities. The software provides a way to virtualize the network. Cisco SD-WAN vManage has an input validation error vulnerability that stems from an incomplete boundary check on data provided to the vDaemo...
CVE-2021-1235
A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system. The vulnerability is due to insufficient user authorization. An attacker could exploit this vulnerability by accessing the vshell of an...