CVE-2026-20126
Received Received - Intake
Privilege Escalation via REST API in Cisco Catalyst SD-WAN Manager

Publication date: 2026-02-25

Last updated on: 2026-03-04

Assigner: Cisco Systems, Inc.

Description
A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gain root privileges on the underlying operating system. This vulnerability is due to an insufficient user authentication mechanism in the REST API. An attacker could exploit this vulnerability by sending a request to the REST API of the affected system. A successful exploit could allow the attacker to gain root privileges on the underlying operating system.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-25
Last Modified
2026-03-04
Generated
2026-05-06
AI Q&A
2026-02-25
EPSS Evaluated
2026-05-05
NVD
CVE-2026-20126
EUVD
EUVD-2026-8674
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
cisco catalyst_sd-wan_manager to 20.9.8.2 (exc)
cisco catalyst_sd-wan_manager From 20.11 (inc) to 20.12.5.3 (exc)
cisco catalyst_sd-wan_manager From 20.13 (inc) to 20.15.4.2 (exc)
cisco catalyst_sd-wan_manager From 20.16 (inc) to 20.18.2.1 (exc)
cisco catalyst_sd-wan_manager 20.12.6
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-648 The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in Cisco Catalyst SD-WAN Manager and allows an authenticated local attacker with low privileges to escalate their privileges to root on the underlying operating system.

The root cause is an insufficient user authentication mechanism in the REST API of the affected system.

An attacker can exploit this by sending a specially crafted request to the REST API, which could result in gaining root privileges.


How can this vulnerability impact me? :

If exploited, this vulnerability could allow an attacker with low-level access to gain full root privileges on the system.

This means the attacker could take complete control over the underlying operating system, potentially leading to unauthorized access, data theft, system manipulation, or disruption of services.

The CVSS score of 8.8 indicates a high severity impact, affecting confidentiality, integrity, and availability.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart