Synced 16 Jun 2026 15:24 UTC

CVE-2026-20122

MEDIUM severity · CVSS 5.4 · CWE-648 · actively exploited (CISA KEV)
Actively exploited in the wild (CISA Known Exploited Vulnerabilities). Added to KEV 2026-04-20. US federal agencies must patch by 2026-04-23.

Summary

A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This vulnerability is due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges.

Impact & exploitability

Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality impact: Low
Integrity impact: Low
Availability impact: None
Exploit probability (EPSS): 6%

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected products we track (1)

Recommendation

This vulnerability is being actively exploited in the wild — patch affected products urgently. Open any affected product above for its exact safe version.