Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.4
Cisco Catalyst SD-WAN Manager allows authenticated attacker to overwrite files locally
CVE-2026-20122
Summary
A hacker with legitimate login credentials can upload a malicious file to your Cisco Catalyst SD-WAN Manager, potentially overwriting important system files and gaining administrative access. This could happen if an attacker with read-only access to your system's API can gain write access. You should check your system's configuration to ensure that only authorized users have API access and consider updating your software to a patched version.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| cisco | catalyst_sd-wan_manager | <= 20.9.8.2 | – |
| cisco | catalyst_sd-wan_manager | > 20.11 , <= 20.12.5.3 | – |
| cisco | catalyst_sd-wan_manager | > 20.13 , <= 20.15.4.2 | – |
| cisco | catalyst_sd-wan_manager | > 20.16 , <= 20.18.2.1 | – |
| cisco | catalyst_sd-wan_manager | 20.12.6 | – |
Original title
A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the a...
Original description
A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system.
This vulnerability is due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges.
This vulnerability is due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges.
nvd CVSS3.1
5.4
Vulnerability type
CWE-648
Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026