COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-20122

CVE-2026-20122

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-04-20
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-20122
⌖ exploited in the wild shame 45/100 exploited-in-wildprivilege-escalationunpatched

Cisco Catalyst SD-WAN Manager allows attackers to overwrite arbitrary files and gain vmanage privileges via local file upload.

This vulnerability stems from improper file handling in the API interface, enabling attackers to overwrite arbitrary files and escalate to vmanage user privileges. For DIB organizations, this poses a significant risk as it bypasses standard access controls and allows privilege escalation within the SD-WAN management plane. Organizations must patch immediately and restrict local file system access to prevent exploitation.

Shame score — A local file upload vulnerability that allows privilege escalation, though not directly remote code execution, still represents a significant security failure.

Players implicated

Cisco Systems Inc. · vendorCatalyst SD-WAN Manger · product

Description

Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges.

Affected FedRAMP products 9 in the catalog

ProductProviderStatusMatch
AppDynamics GovAPM AppDynamics (a Cisco company) Authorized dex-judge · 0.95
Cisco Cloudlock for Government Cisco Systems Inc. Authorized vendor-exact · 0.90
Cisco Meraki for Government Cisco Systems Inc. In Process vendor-exact · 0.90
Cisco SD-WAN for Government Cisco Systems Inc. In Process vendor-exact · 0.90
Cisco Umbrella for Government Cisco Systems Inc. In Process vendor-exact · 0.90
Cisco Unified Communications Manager Cloud for Government (Cisco UCM Cloud for Government) Cisco Systems Inc. Authorized vendor-exact · 0.90
Duo Federal Duo Security (A Cisco Company) Authorized dex-judge · 0.95
WebEx Contact Center Enterprise for Government (WxCCE-G) Cisco Systems Inc. In Process vendor-exact · 0.90
Webex for Government Cisco Systems Inc. Authorized vendor-exact · 0.90