COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-20128

CVE-2026-20128

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-04-20
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-20128
⌖ exploited in the wild shame 65/100 exploited-in-wilddefault-credshardcoded-credsunpatchedprivilege-escalation

Cisco Catalyst SD-WAN Manager stores passwords in a recoverable format, allowing local attackers to escalate privileges by reading credential files.

This vulnerability enables local privilege escalation by exposing password files in a recoverable format, which poses a significant risk to DIB organizations relying on Cisco SD-WAN infrastructure for secure communications. While not a remote exploit, the local access vector combined with the recoverable password storage creates a high embarrassment score due to the avoidable nature of the flaw and its direct impact on authentication integrity.

Shame score — The vulnerability stems from a design flaw where passwords are stored in a recoverable format, which is a preventable security misconfiguration that undermines trust in Cisco's SD-WAN security posture.

Players implicated

Cisco Systems Inc. · vendorCatalyst SD-WAN Manager · product

Description

Cisco Catalyst SD-WAN Manager contains a storing passwords in a recoverable format vulnerability that allows an authenticated, local attacker to gain DCA user privileges by accessing a credential file for the DCA user on the filesystem as a low-privileged user.

Affected FedRAMP products 9 in the catalog

ProductProviderStatusMatch
AppDynamics GovAPM AppDynamics (a Cisco company) Authorized dex-judge · 0.95
Cisco Cloudlock for Government Cisco Systems Inc. Authorized vendor-exact · 0.90
Cisco Meraki for Government Cisco Systems Inc. In Process vendor-exact · 0.90
Cisco SD-WAN for Government Cisco Systems Inc. In Process vendor-exact · 0.90
Cisco Umbrella for Government Cisco Systems Inc. In Process vendor-exact · 0.90
Cisco Unified Communications Manager Cloud for Government (Cisco UCM Cloud for Government) Cisco Systems Inc. Authorized vendor-exact · 0.90
Duo Federal Duo Security (A Cisco Company) Authorized dex-judge · 0.95
WebEx Contact Center Enterprise for Government (WxCCE-G) Cisco Systems Inc. In Process vendor-exact · 0.90
Webex for Government Cisco Systems Inc. Authorized vendor-exact · 0.90