Synced 16 Jun 2026 15:24 UTC Account
← All products

CVE-2026-20128

HIGH severity · CVSS 7.5 · CWE-257 · actively exploited (CISA KEV)
7.5CVSS HIGH exploited
Actively exploited in the wild (CISA Known Exploited Vulnerabilities). Added to KEV 2026-04-20. US federal agencies must patch by 2026-04-23.

Summary

A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges. Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.

Impact & exploitability

Attack vectorLocal
Attack complexityHigh
Privileges requiredHigh
User interactionNone
Confidentiality impactHigh
Integrity impactHigh
Availability impactHigh
Exploit probability (EPSS)5%

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected products we track (1)

Catalyst SD-WAN Manager

Recommendation

This vulnerability is being actively exploited in the wild — patch affected products urgently. Open any affected product above for its exact safe version.

Additional information