Description
A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has the netadmin role.

The vulnerability is due to improper authentication for requests that are sent to the API. An attacker could exploit this vulnerability by sending a crafted request to the API of an affected system. A successful exploit could allow the attacker to execute commands with the privileges of the netadmin role.
Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability. 
Published: 2026-02-25
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation to netadmin
Action: Immediate Patch
AI Analysis

Impact

The flaw is an authentication bypass (CWE-287) in the Catalyst SD‑WAN Manager API: requests sent to the API are not properly authenticated, so an unauthenticated remote attacker who sends a crafted request is treated as a user holding the netadmin role. From that point the attacker has whatever a legitimate netadmin has, which is enough to execute management commands, alter fabric configuration, and disrupt network services. Because no credential is required, the practical outcome is an unauthenticated takeover of the SD‑WAN management plane, with full impact on the confidentiality, integrity, and availability of the fabric.

Affected Systems

Per the vendor note, Cisco Catalyst SD‑WAN Manager releases 20.18 and later are not affected. The NVD CPE data on this page lists release 20.12.6 explicitly and uses a wildcard for the product, so any Manager running a release earlier than 20.18 should be treated as in scope until its status is confirmed against Cisco's advisory.

Risk and Exploitability

The CVSS 3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) reflects a network‑reachable flaw with low attack complexity, no privileges, no user interaction, and total impact; the SSVC entry recorded for this CVE also rates it Automatable: yes. The EPSS score below 1% and the absence of a CISA KEV listing indicate no observed exploitation at the time of this page, which says nothing about how easy the flaw is to exploit once the request pattern is known. The only precondition is reachability: an attacker who can reach the Manager's HTTPS API, from the internet or from an internal network, can send the crafted request without any account. Any Manager whose API is reachable beyond a tightly controlled management network should be treated as exposed.

Generated by OpenCVE AI on April 16, 2026 at 06:06 UTC.

Remediation

No vendor patch link or workaround is recorded for this entry. The vendor note states that releases 20.18 and later are not affected, so moving to 20.18 or later is the remediation path; consult Cisco's advisory for fixed builds of earlier release trains, if any are listed.

OpenCVE Recommended Actions

  • Upgrade Cisco Catalyst SD‑WAN Manager to release 20.18 or later, which the vendor note states is not affected; after the upgrade, verify the running release on every Manager instance, including standby and cluster members.
  • Until the upgrade is complete, restrict reachability of the Manager's HTTPS API to a small set of trusted management hosts or networks using firewall rules, ACLs, or network segmentation, and confirm the API is not reachable from the internet. This is the only compensating control that addresses the root cause, because the flaw needs no credential.
  • Do not rely on strong passwords or MFA for netadmin accounts as a mitigation: the bypass presents no credential, so account hardening does not block it. Keep those controls as baseline hygiene, and instead review the Manager's audit and API access logs for netadmin‑level actions that do not correspond to a known login, especially from sources outside the management network.
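The following Python script is an added example written for this page; it is not code from Cisco, OpenCVE, or the advisory. It shows the two triage checks the actions above call for: deciding whether a Manager release falls below the 20.18 threshold from the vendor note, and scanning API audit records for netadmin‑level calls that either have no preceding successful login for their session or originate outside the trusted management networks. The log line layout (a timestamp followed by key=value pairs with src, session, event, role, result, and path fields), the API paths, and the sample records are constructed for this example and are assumptions, not the real Catalyst SD‑WAN Manager log schema; adapt parse_line to your actual export.

```python
"""Triage helpers for the Catalyst SD-WAN Manager API authentication bypass.

Added example, not Cisco's or OpenCVE's code. The 20.18 threshold is
taken from the vendor note on this page; the log line format, field
names and sample records below are ASSUMED for illustration and do not
reflect any real Catalyst SD-WAN Manager log schema.
"""
import ipaddress
import re
from typing import Iterable

# First release train the vendor note says is NOT affected.
FIRST_UNAFFECTED = (20, 18)


def parse_version(ver: str) -> tuple:
    """Turn '20.12.6' into (20, 12, 6); a non-numeric component ends parsing."""
    parts = []
    for component in ver.strip().split("."):
        match = re.match(r"\d+", component)
        if not match:
            break
        parts.append(int(match.group()))
    if not parts:
        raise ValueError(f"unparseable version: {ver!r}")
    return tuple(parts)


def is_affected(ver: str) -> bool:
    """True when the major.minor train is below 20.18 (20.18 and later are not affected)."""
    return parse_version(ver)[:2] < FIRST_UNAFFECTED


KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> dict:
    """Split 'TIMESTAMP key=value key=value ...' into a dict (assumed layout)."""
    timestamp, _, rest = line.partition(" ")
    fields = dict(KV_RE.findall(rest))
    fields["ts"] = timestamp
    return fields


def audit(lines: Iterable[str], trusted_nets: Iterable[str]) -> list:
    """Flag netadmin-level API calls that lack an authenticated session
    or come from outside the trusted management networks."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    authenticated_sessions = set()
    findings = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        rec = parse_line(raw)
        # Only a successful login legitimises a session; failures do not.
        if rec.get("event") == "login" and rec.get("result") == "success":
            authenticated_sessions.add(rec.get("session"))
            continue
        if rec.get("event") != "api" or rec.get("role") != "netadmin":
            continue
        reasons = []
        if rec.get("session") not in authenticated_sessions:
            reasons.append("netadmin API call with no preceding successful login for this session")
        src = ipaddress.ip_address(rec["src"])
        if not any(src in net for net in nets):
            reasons.append(f"source {src} is outside the trusted management networks")
        if reasons:
            findings.append({
                "ts": rec["ts"], "src": rec["src"], "session": rec.get("session"),
                "path": rec.get("path"), "reasons": reasons,
            })
    return findings


# Constructed sample records (assumed format, not real Manager output).
SAMPLE_LOG = """\
2026-02-26T10:00:01Z src=10.1.1.5 session=s1 event=login user=ops role=netadmin result=success
2026-02-26T10:00:05Z src=10.1.1.5 session=s1 event=api path=/dataservice/device role=netadmin
2026-02-26T10:01:00Z src=203.0.113.7 session=s7 event=api path=/dataservice/settings role=netadmin
2026-02-26T10:01:30Z src=10.1.1.9 session=s9 event=login user=ops role=netadmin result=failure
2026-02-26T10:01:31Z src=10.1.1.9 session=s9 event=api path=/dataservice/device/action role=netadmin
"""
TRUSTED_MANAGEMENT_NETS = ["10.1.1.0/24"]

if __name__ == "__main__":
    for version in ("20.12.6", "20.18", "20.18.1"):
        print(f"{version}: {'affected' if is_affected(version) else 'not affected'}")
    for finding in audit(SAMPLE_LOG.splitlines(), TRUSTED_MANAGEMENT_NETS):
        print(finding["ts"], finding["src"], finding["session"], finding["path"])
        for reason in finding["reasons"]:
            print("   -", reason)
```

On the embedded sample the script reports two findings: the call from 203.0.113.7 (no login for its session and an untrusted source) and the call from 10.1.1.9 whose only login attempt failed. The session heuristic is deliberately conservative: a request that forges or omits session state may not resemble any of these lines, so treat the output as a starting point alongside network‑level evidence such as connection logs for the API port from unexpected sources, not as proof that no exploitation occurred.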



Advisories

No advisories yet.

History

Wed, 04 Mar 2026 21:30:00 +0000

Type: CPEs
Values added:
  cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*
  cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.12.6:*:*:*:*:*:*:*

Thu, 26 Feb 2026 13:30:00 +0000

Type: First Time appeared
Values added: Cisco; Cisco Catalyst SD-WAN Manager
Type: Vendors & Products
Values added: Cisco; Cisco Catalyst SD-WAN Manager

Thu, 26 Feb 2026 06:15:00 +0000

Type: Metrics (SSVC, version 2.0.3)
Values added: Automatable: yes; Exploitation: none; Technical Impact: total

Wed, 25 Feb 2026 17:15:00 +0000

Type: Description
Values added: A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has the netadmin role. The vulnerability is due to improper authentication for requests that are sent to the API. An attacker could exploit this vulnerability by sending a crafted request to the API of an affected system. A successful exploit could allow the attacker to execute commands with the privileges of the netadmin role. Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.
Type: Title
Values added: Cisco Catalyst SD-WAN Authentication Bypass Vulnerability
Type: Weaknesses
Values added: CWE-287
Type: References
Values added: (none)
Type: Metrics (CVSS v3.1)
Values added: score 9.8; vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-03-20T21:47:59.021Z

Reserved: 2025-10-08T11:59:15.379Z

Link: CVE-2026-20129

Vulnrichment

Updated: 2026-02-25T18:17:55.885Z

NVD

Status : Analyzed

Published: 2026-02-25T17:25:30.343

Modified: 2026-03-04T21:16:28.077

Link: CVE-2026-20129

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T06:15:26Z

Weaknesses