Skip to main content

Catalyst Sd Wan Manager CVE-2026-20129

CRITICAL
Improper Authentication (CWE-287)
2026-02-25 psirt@cisco.com
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Feb 25, 2026 - 17:25 nvd
CRITICAL 9.8

DescriptionCVE.org

A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has the netadmin role.

The vulnerability is due to improper authentication for requests that are sent to the API. An attacker could exploit this vulnerability by sending a crafted request to the API of an affected system. A successful exploit could allow the attacker to execute commands with the privileges of the netadmin role. Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability. 

AnalysisAI

Authentication bypass in Cisco Catalyst SD-WAN Manager API allows unauthenticated remote access to the management platform. Separate vulnerability from the peering auth bypass (CVE-2026-20127).

Technical ContextAI

CWE-287 authentication bypass in the SD-WAN Manager API. Unauthenticated attackers can access management functions.

RemediationAI

Apply Cisco security update. Restrict SD-WAN Manager API access.

CVE-2026-20127 CRITICAL POC
10.0 Feb 25

Cisco Catalyst SD-WAN Controller and Manager contain a critical authentication bypass (CVE-2026-20127, CVSS 10.0) in the

CVE-2022-20775 HIGH POC
7.8 Sep 30

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privil

CVE-2023-20252 CRITICAL
9.8 Sep 27

A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could al

CVE-2021-1468 CRITICAL
9.8 May 06

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arb

CVE-2021-1479 CRITICAL
9.8 Apr 08

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arb

CVE-2021-1301 CRITICAL
9.8 Jan 20

Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks aga

CVE-2021-1300 CRITICAL
9.8 Jan 20

Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks aga

CVE-2023-20214 CRITICAL
9.1 Aug 03

A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow a

CVE-2026-20126 HIGH
8.8 Feb 25

Catalyst Sd-Wan Manager contains a vulnerability that allows attackers to an authenticated, local attacker with low priv

CVE-2022-20696 HIGH
8.8 Sep 08

A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated,

CVE-2021-1508 HIGH
8.8 May 06

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arb

CVE-2021-1505 HIGH
8.8 May 06

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arb

Share

CVE-2026-20129 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy