CVE-2026-20122

Name of the Vulnerable Software and Affected Versions Cisco Catalyst SD-WAN Manager (affected versions not specified)

Description A flaw exists in the API of Cisco Catalyst SD-WAN Manager that may allow a remote attacker with valid read-only credentials and API access to overwrite arbitrary files on the local file system. This is caused by improper file handling on the API interface. An attacker could exploit this by uploading a malicious file, potentially gaining vmanage user privileges. The API is the entry point for this issue. The vulnerable operation involves file uploading via the API.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.