Skip to main content

Sd Wan Vsmart Controller CVE-2026-20127

CRITICAL
Improper Authentication (CWE-287)
2026-02-25 psirt@cisco.com
10.0
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
10.0 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
ENISA EUVD
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
Added to CISA KEV
Feb 26, 2026 - 16:20 cisa
CISA KEV
PoC Detected
Feb 26, 2026 - 16:20 vuln.today
Public exploit code
CVE Published
Feb 25, 2026 - 17:25 nvd
CRITICAL 10.0

DescriptionNVD

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.

This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. 

AnalysisAI

Cisco Catalyst SD-WAN Controller and Manager contain a critical authentication bypass (CVE-2026-20127, CVSS 10.0) in the peering authentication mechanism that allows unauthenticated remote attackers to obtain full administrative privileges. The vulnerability exists because peering authentication does not properly validate credentials, enabling any attacker with network access to take over the SD-WAN management plane and control the entire WAN fabric.

Technical ContextAI

The peering authentication between SD-WAN controllers uses a flawed validation mechanism that can be bypassed by an unauthenticated attacker. SD-WAN controllers manage the entire overlay network — they distribute routing policies, security rules, and VPN configurations to all edge routers. Administrative access to vSmart/vManage means control over all traffic routing, segmentation, and security policies across every branch office and data center connected to the SD-WAN fabric.

RemediationAI

Apply Cisco security update immediately. Restrict control plane access to trusted management networks. Monitor for unauthorized peering sessions. Review SD-WAN configuration for unauthorized policy changes. Rotate all SD-WAN credentials and certificates after patching.

Share

CVE-2026-20127 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy