PT-2026-21956 · Cisco · Cisco Catalyst SD-WAN Manager

Arthur Vidineyev · Published 2026-02-25 · Updated 2026-03-05 · CVE-2026-20129

CVSS v2.0: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Cisco Catalyst SD-WAN Manager versions prior to 20.18

Description: A flaw exists in the API user authentication of Cisco Catalyst SD-WAN Manager that could allow an unauthenticated, remote attacker to gain access to an affected system with netadmin privileges. The issue is due to improper authentication for requests sent to the API. An attacker could exploit this by sending a crafted request to the API, potentially allowing them to execute commands with netadmin privileges. The API endpoint is vulnerable to authentication bypass. The netadmin role provides elevated access, potentially leading to full control over the affected system.

Recommendations: Upgrade to Cisco Catalyst SD-WAN Manager version 20.18 or later.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2026-02321
CVE-2026-20129

Affected Products

Cisco Catalyst SD-WAN Manager