Description
A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.

This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. 
Published: 2026-02-25
Score: 10 Critical
EPSS: 33.3% Moderate
KEV: Yes
Impact: Remote Authentication Bypass
Action: Immediate Patch
AI Analysis

Impact

A flaw in the peering authentication mechanism of Cisco Catalyst SD‑WAN Controller and Manager allows an unauthenticated, remote attacker to bypass authentication, log in as a high‑privileged non‑root user, and access NETCONF to manipulate the SD‑WAN fabric. The vulnerability is a classic authentication bypass (CWE‑287) that can compromise confidentiality, integrity, and availability of the network configuration.

Affected Systems

Affected are Cisco Catalyst SD‑WAN Manager and SD‑WAN vSmart Controller, specifically version 20.12.6 and any release that has not yet incorporated the fix. The vulnerability can impact any installation of these products that uses the default peering authentication configuration.

Risk and Exploitability

The CVSS base score of 10 combined with an EPSS of 0.33% indicates a catastrophic severity but a low likelihood of exploitation. The vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog. Attackers can send crafted requests over the network to trigger the bypass; the vector is inferred to be remote over the peering or control plane interfaces, giving the attacker an internal, high‑privileged account without requiring credentials.

Generated by OpenCVE AI on April 22, 2026 at 03:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑issued patch or upgrade to the latest version of Cisco Catalyst SD‑WAN Controller and Manager that resolves the peering authentication flaw.
  • If patching cannot occur immediately, isolate the affected controller from external networks, enforce strict firewall rules to block unsolicited peering traffic, and disable remote NETCONF access until the vulnerability is remediated.
  • Ensure all peering authentication uses encrypted, certificate‑based credentials and prohibit use of default or weak identities until the fix is deployed.

Advisories

No advisories yet.

History

Thu, 26 Feb 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Cisco sd-wan Vsmart Controller
CPEs cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.12.6:*:*:*:*:*:*:*
cpe:2.3:a:cisco:sd-wan_vsmart_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:sd-wan_vsmart_controller:20.12.6:*:*:*:*:*:*:*
Vendors & Products Cisco sd-wan Vsmart Controller

Thu, 26 Feb 2026 13:30:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco catalyst Sd-wan Manager
Vendors & Products Cisco
Cisco catalyst Sd-wan Manager

Thu, 26 Feb 2026 06:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 25 Feb 2026 18:30:00 +0000


Wed, 25 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Description A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. 
Title Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
Weaknesses CWE-287
References
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}

kev

{'dateAdded': '2026-02-25T00:00:00+00:00', 'dueDate': '2026-02-27T00:00:00+00:00'}


MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-02-26T14:44:06.050Z

Reserved: 2025-10-08T11:59:15.379Z

Link: CVE-2026-20127

Vulnrichment

Updated: 2026-02-25T17:56:39.192Z

NVD

Status: Analyzed

Published: 2026-02-25T17:25:29.477

Modified: 2026-02-26T16:20:02.187

Link: CVE-2026-20127

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T03:45:06Z
