CVE-2026-20126

CWE-648CWE-200Information ExposureCWE-257CWE-287Improper Authentication5 documents5 sources
Severity
7.8HIGH
EPSS
0.0%
top 86.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Catalyst Sd-wan ManagerCisco Cisco Catalyst Sd-wan Manager
Timeline
PublishedFeb 25
Latest updateFeb 26

Description

A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gain root privileges on the underlying operating system. This vulnerability is due to an insufficient user authentication mechanism in the REST API. An attacker could exploit this vulnerability by sending a request to the REST API of the affected system. A successful exploit could allow the attacker to gain root privileges on the underlying operating system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDcisco/catalyst_sd-wan_manager20.1120.12.5.3+4
CVEListV5cisco/cisco_catalyst_sd-wan_manager335 versions+334

🔴Vulnerability Details

2
CVEList
Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability2026-02-25
GHSA
GHSA-mjw4-rp5q-2h7w: A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gain root privileges on the under2026-02-25

📋Vendor Advisories

1
Cisco
Cisco Catalyst SD-WAN Vulnerabilities2026-02-26

🕵️Threat Intelligence

1
Wiz
CVE-2026-20126 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-20126 (HIGH CVSS 7.8) | A vulnerability in Cisco Catalyst S | cvebase.io