CVE-2026-20128 - Cisco Catalyst SD-WAN Manager
AI Vulnerability ContextA vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request and reading the file that contains the DCA p...
Overview
A source-backed snapshot of this vulnerability.
A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system.
This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges. Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.
Vulnerability status
How serious this vulnerability is and whether it is known to be exploited.
- CVE ID
- CVE-2026-20128
- Vendor/project
- Cisco
- Product
- Catalyst SD-WAN Manager
- Vulnerability name
- Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability
- Date added
- 2026-04-20
- Due date
- 2026-04-23
- Known ransomware campaign use
- Unknown
- CVSS v3
- 7.5
Exploit context
What the vulnerability is about.
A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system.
This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges. Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.
Source evidence
Original public records and references for this page.
Original source
Original source links
Open the public records and source datasets used for this page.
