CVE-2026-20128

CWE-257 CWE-200 — Information Exposure CWE-287 — Improper Authentication CWE-6488 documents8 sources

Severity

7.5HIGH

EPSS

0.0%

top 98.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Catalyst Sd-wan Manager Cisco Cisco Catalyst Sd-wan Manager

Timeline

PublishedFeb 25

Latest updateMar 5

Description

A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker t…

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 0.8 | Impact: 6.0

Affected Packages2 packages

▶NVDcisco/catalyst_sd-wan_manager20.11 — 20.12.5.3+4

▶CVEListV5cisco/cisco_catalyst_sd-wan_manager136 versions+135

🔴Vulnerability Details

CVEList

Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability↗2026-02-25

▶

GHSA

GHSA-mp6j-7g85-8pg2: A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker to gain DCA u↗2026-02-25

▶

VulnCheck

Cisco catalyst_sd-wan_manager Storing Passwords in a Recoverable Format↗2026

▶

📋Vendor Advisories

Cisco

Cisco Catalyst SD-WAN Vulnerabilities↗2026-02-26

▶

🕵️Threat Intelligence

Bleepingcomputer

Cisco flags more SD-WAN flaws as actively exploited in attacks↗2026-03-05

▶

Tenable

CVE-2026-20127 Zero-Day Auth Bypass Exploited↗2026-02-25

▶

Wiz

CVE-2026-20128 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶