Severity
5.4 MEDIUM
EPSS
0.0%
top 96.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 25
Latest update: Mar 5

Description

A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This vulnerability is due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploi

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.5

Affected Packages (2 packages)

NVD: cisco/catalyst_sd-wan_manager 20.11 20.12.5.3 +4
CVEListV5: cisco/cisco_catalyst_sd-wan_manager 335 versions +334

🔴 Vulnerability Details (3)

CVEList
Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability (2026-02-25)
GHSA
GHSA-9qpv-49q8-9chx: A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local fi (2026-02-25)
VulnCheck
Cisco catalyst_sd-wan_manager Incorrect Use of Privileged APIs (2026)

📋 Vendor Advisories (1)

Cisco
Cisco Catalyst SD-WAN Vulnerabilities (2026-02-26)

🕵️ Threat Intelligence (3)

Bleepingcomputer
Cisco flags more SD-WAN flaws as actively exploited in attacks (2026-03-05)
Tenable
CVE-2026-20127 Zero-Day Auth Bypass Exploited (2026-02-25)
Wiz
CVE-2026-20122 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-20122 (MEDIUM CVSS 5.4) | A vulnerability in the API of Cisco | cvebase.io