12 matches found
EUVD-2026-30324
May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show...
PT-2026-40961
Name of the Vulnerable Software and Affected Versions: Cisco Catalyst SD-WAN Manager versions prior to 26.0.1. Description: A flaw in the web UI of Cisco Catalyst SD-WAN Manager allows an authenticated remote attacker with read-only permissions to elevate their privileges to those of a high-privileg...
Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability
Cisco Catalyst SD-WAN Manager contains a storing passwords in a recoverable format vulnerability that allows an authenticated, local attacker to gain DCA user privileges by accessing a credential file for the DCA user on the filesystem as a low-privileged user...
Vulnerabilities fixed in Cisco Catalyst SD-WAN Manager
Cisco has fixed several vulnerabilities in the Cisco Catalyst SD-WAN Manager. The vulnerabilities are in the peering authentication mechanisms of the Cisco Catalyst SD-WAN Controller and Manager products. These vulnerabilities allow an unauthenticated remote attacker to bypass the authentication...
Exploit for Path Traversal in Cisco Catalyst_Sd-Wan_Manager
🦅 BlueFalconInk — CISA ED 26-03 Compliance Tracker Built by...
EUVD-2026-8677
A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has the netadmin role. The vulnerability is due to improper authentication for requests that are sent to the API. An...
CVE-2026-20127
A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected syste...
CVE-2026-20129
CVE-2026-20129 involves Cisco Catalyst SD-WAN Manager API authentication—an unauthenticated, remote attacker could exploit an improper authentication flaw to execute commands with the netadmin role. The advisory notes that affected systems could be compromised via crafted API requests, resulting ...
Cisco Catalyst SD-WAN Manager Security Vulnerability
Cisco Catalyst SD-WAN Manager is a highly customizable dashboard provided by Cisco. It simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. There is a security vulnerability present in Cisco Catalyst SD-WAN Manager, which stems from improper handling ...
CVE-2025-20157
A vulnerability in certificate validation processing of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper validation of certificates that are used by the Smar...
Cisco Catalyst SD-WAN Manager Operating System Command Injection Vulnerability
Cisco Catalyst SD-WAN Manager (formerly Cisco SD-WAN vManage) is a highly customizable dashboard from Cisco, Inc. that simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. An operating system command injection vulnerability exists in Cisco Catalyst SD-WAN Manage...
Cisco Catalyst SD-WAN Manager Cross-Site Scripting Vulnerability
Cisco Catalyst is a series of switches from the American company Cisco. An HTML injection vulnerability exists in Cisco Catalyst SD-WAN Manager that stems from improper validation of user-supplied data in element fields and can be exploited by an authenticated, remote attacker to inject HTML...