CVE-2026-20128

Confirmed PUBLISHED

Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability

Cisco · Cisco Catalyst SD-WAN Manager

1 day faster than CISA KEV

Exploited in the wild

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
7.5 High EPSS 5.3%

At a Glance

A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges. Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.

cisa edge
CVE Published
Feb 25, 2026
Exploitation Reported
Jun 01, 2026
CVSS
7.5 High
EPSS
5.3%
No user interaction

Affected Versions

136 version rows · page 4 of 6

Vendor Product Version Status
Cisco
Cisco Catalyst SD-WAN Manager

20.3.4

Affected
Cisco
Cisco Catalyst SD-WAN Manager

20.3.3.0.14

Affected
Cisco
Cisco Catalyst SD-WAN Manager

19.2.4.0.8

Affected
Cisco
Cisco Catalyst SD-WAN Manager

19.2.4.0.9

Affected
Cisco
Cisco Catalyst SD-WAN Manager

20.3.4.0.1

Affected
Cisco
Cisco Catalyst SD-WAN Manager

20.3.2.0.5

Affected
Cisco
Cisco Catalyst SD-WAN Manager

20.5.1.0.2

Affected
Cisco
Cisco Catalyst SD-WAN Manager

20.6.1.1

Affected
Cisco
Cisco Catalyst SD-WAN Manager

20.6.0.18.3

Affected
Cisco
Cisco Catalyst SD-WAN Manager

20.3.2.0.6

Affected
Cisco
Cisco Catalyst SD-WAN Manager

20.6.0.18.4

Affected
Cisco
Cisco Catalyst SD-WAN Manager

20.4.2.0.2

Affected
Cisco
Cisco Catalyst SD-WAN Manager

20.3.3.0.16

Affected
Cisco
Cisco Catalyst SD-WAN Manager

20.6.1.0.1

Affected
Cisco
Cisco Catalyst SD-WAN Manager

20.3.4.0.6

Affected
Cisco
Cisco Catalyst SD-WAN Manager

20.7.1EFT2

Affected
Cisco
Cisco Catalyst SD-WAN Manager

20.3.4.0.9

Affected
Cisco
Cisco Catalyst SD-WAN Manager

20.3.4.0.11

Affected
Cisco
Cisco Catalyst SD-WAN Manager

20.3.3.0.18

Affected
Cisco
Cisco Catalyst SD-WAN Manager

20.6.2.1

Affected
Cisco
Cisco Catalyst SD-WAN Manager

20.3.4.1

Affected
Cisco
Cisco Catalyst SD-WAN Manager

20.4.2.1

Affected
Cisco
Cisco Catalyst SD-WAN Manager

20.4.2.1.1

Affected
Cisco
Cisco Catalyst SD-WAN Manager

20.3.4.1.1

Affected
Cisco
Cisco Catalyst SD-WAN Manager

20.3.813

Affected

CVE References

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.