PT-2026-21953 · Cisco · Cisco Catalyst SD-WAN Manager

Arthur Vidineyev · Published 2026-02-25 · Updated 2026-03-05 · CVE-2026-20126

CVSS v3.1: 8.8
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cisco Catalyst SD-WAN Manager (affected versions not specified)

Description

A flaw exists in Cisco Catalyst SD-WAN Manager that could allow an authenticated, local attacker with low privileges to gain root privileges on the underlying operating system. This is due to an insufficient user authentication mechanism in the REST API. An attacker could exploit this by sending a request to the REST API. A successful exploit could allow the attacker to gain root privileges on the underlying operating system. The vulnerable component is the REST API.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Weakness Enumeration

Related Identifiers

BDU:2026-02318
CVE-2026-20126

Affected Products

Cisco Catalyst SD-WAN Manager