CVE-2026-20128

CVSS v3.1

7.5

Vector

AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cisco Catalyst SD-WAN Manager versions prior to 20.18

Description A security issue exists within the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager. A local attacker with valid

vmanage

credentials can potentially gain DCA user privileges on a vulnerable system. This is due to the presence of a credential file containing the DCA user's password on the affected system. An attacker could access the filesystem with low-privileged access and read this file, potentially gaining access to other affected systems and elevated privileges.

Recommendations Upgrade to Cisco Catalyst SD-WAN Manager version 20.18 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-257

Related Identifiers

BDU:2026-02320

CVE-2026-20128

Affected Products

Cisco Catalyst Sd-Wan Manager

CVE-2026-20128

Weakness Enumeration

Related Identifiers

Affected Products

References · 6