PT-2026-21952 · Cisco · Cisco Catalyst SD-WAN Manager

Arthur Vidineyev · Published 2026-02-25 · Updated 2026-03-16 · CVE-2026-20122

CVSS v2.0: 7.5 (High), AV:N/AC:L/Au:S/C:N/I:C/A:P

Name of the Vulnerable Software and Affected Versions

Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) (affected versions not specified)

Description

A flaw in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. The attacker must possess valid read-only credentials with API access on the affected system. The cause is improper file handling in the API. Successful exploitation may allow the attacker to overwrite files and potentially gain vmanage user privileges. Cisco has confirmed active exploitation of this issue in the wild. The vulnerability is related to the use of privileged application programming interfaces (APIs).

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2026-02319
CVE-2026-20122

Affected Products

Cisco Catalyst SD-WAN Manager