PromptRiskDBThreat intelligence atlas

CVE-2026-20122 - Cisco Catalyst SD-WAN Manger

AI Vulnerability Context

A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This vulnerability is due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnera...

Overview

A source-backed snapshot of this vulnerability.

A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system.

This vulnerability is due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges.

CISA KEVyesWhether CISA lists this as exploited.
Techniques0AI attack methods connected to this vulnerability.
Case studies0Examples where this vulnerability is mentioned.

Vulnerability status

How serious this vulnerability is and whether it is known to be exploited.

CISA KEVMEDIUM
CVE ID
CVE-2026-20122
Vendor/project
Cisco
Product
Catalyst SD-WAN Manger
Vulnerability name
Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability
Date added
2026-04-20
Due date
2026-04-23
Known ransomware campaign use
Unknown
CVSS v3
5.4
CWE-648

Exploit context

What the vulnerability is about.

A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system.

This vulnerability is due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges.

Source evidence

Original public records and references for this page.

Original source

Original source links

Open the public records and source datasets used for this page.