CVE detail

CVE-2026-20122: Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability

Source: CISA Known Exploited Vulnerabilities catalog · back to feed

Vendor / product

Cisco · Catalyst SD-WAN Manger

Date added (KEV): Apr 20, 2026
CISA due date: Apr 23, 2026
Ransomware campaign use: Unknown

Required action

Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

Vendor fix: Vendor advisory

Scorifya interpretation

AI-generated

A short, structured read of the record above — generated when this page first loads, then cached for a week.

Plain English

Technical detail

From CISA

Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges.

CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20122

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4vVendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20122US Government Resource

Other recent CVEs from Cisco

CVE-2026-20182Catalyst SD-WAN — Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
CVE-2026-20128Catalyst SD-WAN Manager — Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability
CVE-2026-20133Catalyst SD-WAN Manager — Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
CVE-2026-20131Secure Firewall Management Center (FMC) — Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability
CVE-2022-20775SD-WAN — Cisco SD-WAN Path Traversal Vulnerability

Check your domain's public posture

Scorifya doesn't test for specific CVEs, but if patching Cisco changed your headers or TLS, a fresh hardening scan helps confirm nothing regressed externally.

Run a free scan Methodology