144 matches found

The Hacker News
added 2026/05/14 5:45 p.m. | 15 views

Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access

Cisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller that it said has been exploited in limited attacks. The vulnerability, tracked as CVE-2026-20182, carries a CVSS score of 10.0. "A vulnerability in the peering authentication in Cisc...

CVSS 10 | AI score 5.9 | EPSS 0.83838
Exploits: 4

NVD
added 2026/05/14 5:16 p.m. | 5 views

CVE-2026-20210

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system. This vulnerability exists because of a failure to reda...

CVSS 5.4 | EPSS 0.00033
Exploits: 0 | References: 2

NVD
added 2026/05/14 5:16 p.m. | 16 views

CVE-2026-20224

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to read arbitrary files that are stored in an affected system. The attacker does not need to have valid user credentials. This vulnerability is due to improper...

CVSS 8.6 | EPSS 0.00033
Exploits: 0 | References: 2

ATTACKERKB
added 2026/05/14 4:08 p.m. | 3 views

CVE-2026-20210

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system. This vulnerability exists because of a failure to reda...

CVSS 5.4 | AI score 5.8 | EPSS 0.00033
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2026/05/14 4:08 p.m. | 16 views

CVE-2026-20209

Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) web UI vulnerability allows an authenticated, read-only user to elevate to a high-privilege role and take actions as a high-privileged user. Root cause: sensitive session information is logged in audit logs. Impact: privilege escalation with...

CVSS 5.4 | AI score 5.8 | EPSS 0.00033
Exploits: 0 | References: 2

Packet Storm
added 2026/03/05 12:00 a.m. | 152 views

Cisco Catalyst SD-WAN Controller Authentication Bypass / Arbitrary WAR Upload

A critical security vulnerability chain was identified involving an authentication bypass through exposed configuration data, followed by an arbitrary file upload via path traversal. Successful exploitation may allow an attacker to deploy a malicious WAR archive into the application server's...

AI score 6.3
Exploits: 0

RedhatCVE
added 2026/02/26 10:34 p.m. | 3 views

CVE-2026-20129

A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has the netadmin role. The vulnerability is due to improper authentication for requests that are sent to the API. An...

CVSS 9.8 | AI score 5.9 | EPSS 0.00073
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/26 10:34 p.m. | 5 views

CVE-2026-20126

A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gain root privileges on the underlying operating system. This vulnerability is due to an insufficient user authentication mechanism in the REST API. An attacker could exploit this...

CVSS 8.8 | AI score 5.6 | EPSS 0.00016
Exploits: 0 | References: 1

Tenable Nessus
added 2026/02/26 12:00 a.m. | 16 views

Cisco Catalyst SD-WAN Vulnerabilities (cisco-sa-sdwan-authbp-qwCX8D4v)

According to its self-reported version, Cisco SD-WAN Viptela Software is affected by multiple vulnerabilities.
- A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has...

CVSS 9.8 | AI score 8.5 | EPSS 0.02015
Exploits: 0 | References: 12

Rapid7 Blog
added 2026/02/25 10:03 p.m. | 12 views

Critical Cisco Catalyst Vulnerability Exploited in the wild (CVE-2026-20127)

Overview: On February 25, 2026, Cisco disclosed a critical authentication bypass vulnerability in Cisco Catalyst SD‑WAN Controller and Cisco Catalyst SD‑WAN Manager, tracked as CVE‑2026‑20127, that allows an unauthenticated attacker to gain administrative access to affected systems. The Cisco...

CVSS 10 | AI score 7.4 | EPSS 0.5895
Exploits: 9

NVD
added 2026/02/25 5:25 p.m. | 5 views

CVE-2026-20129

A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has the netadmin role. The vulnerability is due to improper authentication for requests that are sent to the API. An...

CVSS 9.8 | EPSS 0.00073
Exploits: 0 | References: 1

OSV
added 2026/02/25 5:25 p.m. | 2 views

CVE-2026-20133

A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system access restrictions. An attacker could exploit this vulnerability by accessing the API of an...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 1

CVE
added 2026/02/25 4:14 p.m. | 287 views

CVE-2026-20127

CVE-2026-20127 concerns a vulnerability in the peering authentication of Cisco Catalyst SD-WAN Controller (formerly SD-WAN vSmart) and Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage). The flaw allows an unauthenticated, remote attacker to bypass authentication and obtain administrative pr...

CVSS 10 | AI score 5.8 | EPSS 0.5895
In wild | Exploits: 9 | References: 2 | Affected Software: 2

ATTACKERKB
added 2026/02/25 4:14 p.m. | 3 views

CVE-2026-20128

A vulnerability in the Data Collection Agent DCA feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An...

CVSS 7.5 | AI score 7.5 | EPSS 0.00077
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/02/25 4:14 p.m. | 20 views

CVE-2026-20129 Cisco Catalyst SD-WAN Authentication Bypass Vulnerability

A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has the netadmin role. The vulnerability is due to improper authentication for requests that are sent to the API. An...

CVSS 9.8 | EPSS 0.00073
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/25 4:14 p.m. | 2 views

CVE-2026-20129 Cisco Catalyst SD-WAN Authentication Bypass Vulnerability

A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has the netadmin role. The vulnerability is due to improper authentication for requests that are sent to the API. An...

CVSS 9.8 | AI score 5.9 | EPSS 0.00073
Exploits: 0 | References: 1

Cvelist
added 2026/02/25 4:13 p.m. | 24 views

CVE-2026-20126 Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability

A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gain root privileges on the underlying operating system. This vulnerability is due to an insufficient user authentication mechanism in the REST API. An attacker could exploit this...

CVSS 8.8 | EPSS 0.00016
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/25 4:13 p.m. | 2 views

CVE-2026-20133

A vulnerability in Cisco Catalyst SD-WAN Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this...

CVSS 6.5 | AI score 7.5 | EPSS 0.02015
Exploits: 0 | References: 1

Circl
added 2026/02/25 1:28 p.m. | 7 views

CVE-2026-20127

creationtimestamp | type | source
---|---|---
2026-02-25 13:28:27+00:00 | seen | https://cyber.gc.ca/en/alerts-advisories/cisco-security-advisory-av26-166
2026-02-25 15:07:47+00:00 | seen | ...

CVSS 10 | AI score 8.3 | EPSS 0.5895
Exploits: 9 | References: 152

Positive Technologies
added 2026/02/25 12:00 a.m. | 2 views

PT-2026-21956

Name of the Vulnerable Software and Affected Versions: Cisco Catalyst SD-WAN Manager versions prior to 20.18
Description: A flaw exists in the API user authentication of Cisco Catalyst SD-WAN Manager that could allow an unauthenticated, remote attacker to gain access to an affected system with...

CVSS 10 | AI score 6.1 | EPSS 0.00073
Exploits: 0 | References: 11