PT-2026-21952 · Cisco · Cisco Catalyst SD-WAN Manager

Arthur Vidineyev · Published 2026-02-25 · Updated 2026-04-22 · CVE-2026-20122

CVSS v2.0: 7.5 (High), AV:N/AC:L/Au:S/C:N/I:C/A:P

Name of the Vulnerable Software and Affected Versions

Cisco Catalyst SD-WAN Manager (affected versions not specified)

Description

An issue in the API of Cisco Catalyst SD-WAN Manager, specifically within the Data Collection Agent (DCA) service, results from improper file handling and the incorrect use of privileged application programming interfaces (APIs). An authenticated remote attacker with valid read-only credentials and API access can exploit this by uploading a malicious file to the local file system. This allows the attacker to overwrite arbitrary files, potentially leading to the acquisition of vmanage user privileges and unauthorized access to protected information. This issue has been actively exploited in real-world incidents.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2026-02319
CVE-2026-20122

Affected Products

Cisco Catalyst SD-WAN Manager