Description
A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gain root privileges on the underlying operating system.

This vulnerability is due to an insufficient user authentication mechanism in the REST API. An attacker could exploit this vulnerability by sending a request to the REST API of the affected system. A successful exploit could allow the attacker to gain root privileges on the underlying operating system.
Published: 2026-02-25
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation to Root on the operating system
Action: Immediate Patch
AI Analysis

Impact

A vulnerability in Cisco Catalyst SD‑WAN Manager allows an authenticated, local attacker with low privileges to gain root privileges on the underlying operating system. The flaw is caused by an insufficient authentication mechanism in the REST API that can be bypassed through crafted requests. The resulting escalation can compromise the entire device, allowing full control over network functions and configuration. The weakness is classified as CWE‑648.

Affected Systems

The affected product is Cisco Catalyst SD‑WAN Manager, including version 20.12.6 and earlier releases. The CPE entries confirm that the vulnerability applies to the SD‑WAN Manager product line. Users of newer, patched releases should verify that they are not affected.

Risk and Exploitability

The CVSS base score of 8.8 signals a high severity, while the EPSS score of less than 1 % indicates a very low current likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalogue. The likely attack vector is a local network connection where the attacker has authenticated with a non‑privileged account; the REST API endpoint can then be exploited to elevate privileges to root. If exploited, the attacker can modify, disable, or disrupt all SD‑WAN services, leading to loss of confidentiality, integrity, and availability of the network.

Generated by OpenCVE AI on April 16, 2026 at 06:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply Cisco’s published patch or upgrade the SD‑WAN Manager to a version that includes the fix (e.g., 20.12.7 or later).
  • Restrict local management network access to the SD‑WAN Manager by firewalling or VLAN segmentation, allowing only trusted administrators to reach the REST API.
  • Enforce strong authentication and, if possible, disable the REST API endpoints that do not require elevated privileges; review access controls to ensure no enumeration or privilege‑escalation paths remain.

Generated by OpenCVE AI on April 16, 2026 at 06:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 04 Mar 2026 21:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.12.6:*:*:*:*:*:*:*

Thu, 26 Feb 2026 13:30:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco catalyst Sd-wan Manager
Vendors & Products Cisco
Cisco catalyst Sd-wan Manager

Thu, 26 Feb 2026 06:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 25 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Description A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gain root privileges on the underlying operating system. This vulnerability is due to an insufficient user authentication mechanism in the REST API. An attacker could exploit this vulnerability by sending a request to the REST API of the affected system. A successful exploit could allow the attacker to&nbsp;gain root privileges on the underlying operating system.
Title Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability
Weaknesses CWE-648
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Cisco Catalyst Sd-wan Manager
cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-03-20T21:48:28.435Z

Reserved: 2025-10-08T11:59:15.378Z

Link: CVE-2026-20126

cve-icon Vulnrichment

Updated: 2026-02-25T18:17:57.061Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-25T17:25:28.840

Modified: 2026-03-04T21:21:49.053

Link: CVE-2026-20126

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T06:15:26Z

Weaknesses