Cisco SD-WAN Software Allows Attackers to Gain Administrator Access

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

10.0

Cisco SD-WAN Software Allows Attackers to Gain Administrator Access

Known exploited

CVE-2026-20127 CVE-2026-20127

Summary

Certain Cisco SD-WAN software has a flaw that lets hackers gain full control over the system without needing a password. This could let them change network settings, which could disrupt business operations. Update your software to the latest version to fix this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
cisco	catalyst sd-wan controller and manager	All versions	–
cisco	catalyst_sd-wan_manager	<= 20.9.8.2	–
cisco	catalyst_sd-wan_manager	> 20.11 , <= 20.12.5.3	–
cisco	catalyst_sd-wan_manager	> 20.13 , <= 20.15.4.2	–
cisco	catalyst_sd-wan_manager	> 20.16 , <= 20.18.2.1	–
cisco	catalyst_sd-wan_manager	20.12.6	–
cisco	sd-wan_vsmart_controller	<= 20.9.8.2	–
cisco	sd-wan_vsmart_controller	> 20.11 , <= 20.12.5.3	–
cisco	sd-wan_vsmart_controller	> 20.13 , <= 20.15.4.2	–
cisco	sd-wan_vsmart_controller	> 20.16 , <= 20.18.2.1	–
cisco	sd-wan_vsmart_controller	20.12.6	–

Original title

Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability

Original description

Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, contain an authentication bypass vulnerability could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.

Vulnerability type

CWE-287 Improper Authentication

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ci... Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-... US Government Resource

Published: 25 Feb 2026 · Updated: 14 Mar 2026 · First seen: 6 Mar 2026