Sd Wan Vsmart Controller
CVE-2026-20127
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionNVD
A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.
This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.
Articles & Coverage 1
AnalysisAI
Cisco Catalyst SD-WAN Controller and Manager contain a critical authentication bypass (CVE-2026-20127, CVSS 10.0) in the peering authentication mechanism that allows unauthenticated remote attackers to obtain full administrative privileges. The vulnerability exists because peering authentication does not properly validate credentials, enabling any attacker with network access to take over the SD-WAN management plane and control the entire WAN fabric.
Technical ContextAI
The peering authentication between SD-WAN controllers uses a flawed validation mechanism that can be bypassed by an unauthenticated attacker. SD-WAN controllers manage the entire overlay network — they distribute routing policies, security rules, and VPN configurations to all edge routers. Administrative access to vSmart/vManage means control over all traffic routing, segmentation, and security policies across every branch office and data center connected to the SD-WAN fabric.
RemediationAI
Apply Cisco security update immediately. Restrict control plane access to trusted management networks. Monitor for unauthorized peering sessions. Review SD-WAN configuration for unauthorized policy changes. Rotate all SD-WAN credentials and certificates after patching.
More in Sd Wan Vsmart Controller
View allA vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privil
Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevat
A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenti
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possib
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today