
Cisco SD-WAN Manager API Flaw Allows File Overwrite


Summary

CISA added CVE-2026-20122, a medium-severity (CVSS 5.4) vulnerability in Cisco Catalyst SD-WAN Manager, to its Known Exploited Vulnerabilities catalog. Because of improper file handling on the API interface, an authenticated, remote attacker with read-only credentials can overwrite arbitrary files on the affected system and potentially gain vmanage user privileges. Over 335 product versions spanning multiple release lines are affected.

“A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system.”

CISA, verbatim from source

Published by CISA on cve.org. Detected, standardized, and enriched by GovPing.

What changed

CISA added CVE-2026-20122 to its Known Exploited Vulnerabilities catalog. The vulnerability exists in the API interface of Cisco Catalyst SD-WAN Manager, allowing an authenticated remote attacker with valid read-only credentials to overwrite arbitrary files on the local file system and potentially achieve vmanage user privileges. The flaw is due to improper file handling on the API. Over 335 versions across multiple release lines (17.x through 20.x) are affected. Federal agencies subject to BOD 22-01 are required to remediate known exploited vulnerabilities per CISA binding operational directives, though the source does not state a specific deadline for this entry.

Organizations running Cisco Catalyst SD-WAN Manager should inventory their deployments against the affected version list, apply available patches or mitigations, restrict API access to trusted users only, and monitor for indicators of exploitation targeting this vulnerability.

Archived snapshot

Apr 21, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

Required CVE Record Information

CNA: Cisco Systems, Inc.

Updated: 2026-03-20

Description

A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system.

This vulnerability is due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges.

CWE 1 Total

- CWE-648: Incorrect Use of Privileged APIs

CVSS 1 Total

| Score | Severity | Version | Vector String |
| --- | --- | --- | --- |
| 5.4 | MEDIUM | 3.1 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |

Product Status

Versions 335 Total

Default Status: unknown

affected

  • affected at 20.1.12

  • affected at 19.2.1

  • affected at 18.4.4

  • affected at 18.4.5

  • affected at 20.1.1.1

  • affected at 20.1.1

  • affected at 19.3.0

  • affected at 19.2.2

  • affected at 19.2.099

  • affected at 18.3.6

  • affected at 18.3.7

  • affected at 19.2.0

  • affected at 18.3.8

  • affected at 19.0.0

  • affected at 19.1.0

  • affected at 18.4.302

  • affected at 18.4.303

  • affected at 19.2.097

  • affected at 19.2.098

  • affected at 17.2.10

  • affected at 18.3.6.1

  • affected at 19.0.1a

  • affected at 18.2.0

  • affected at 18.4.3

  • affected at 18.4.1

  • affected at 17.2.8

  • affected at 18.3.3.1

  • affected at 18.4.0

  • affected at 18.3.1

  • affected at 17.2.6

  • affected at 17.2.9

  • affected at 18.3.4

  • affected at 17.2.5

  • affected at 18.3.1.1

  • affected at 18.3.5

  • affected at 18.4.0.1

  • affected at 18.3.3

  • affected at 17.2.7

  • affected at 17.2.4

  • affected at 18.3.0

  • affected at 19.2.3

  • affected at 18.4.501_ES

  • affected at 20.3.1

  • affected at 20.1.2

  • affected at 19.2.929

  • affected at 19.2.31

  • affected at 20.3.2

  • affected at 19.2.32

  • affected at 20.3.2_925

  • affected at 20.3.2.1

  • affected at 20.3.2.1_927

  • affected at 18.4.6

  • affected at 20.1.2_937

  • affected at 20.4.1

  • affected at 20.3.2_928

  • affected at 20.3.2_929

  • affected at 20.4.1.0.1

  • affected at 20.3.2.1_930

  • affected at 19.2.4

  • affected at 20.5.0.1.1

  • affected at 20.4.1.1

  • affected at 20.3.3

  • affected at 19.2.4.0.1

  • affected at 20.3.2_937

  • affected at 20.3.3.1

  • affected at 20.5.1

  • affected at 20.1.3

  • affected at 20.3.3.0.4

  • affected at 20.3.3.1.2

  • affected at 20.3.3.1.1

  • affected at 20.4.1.2

  • affected at 20.3.3.0.2

  • affected at 20.4.1.1.5

  • affected at 20.4.1.0.01

  • affected at 20.4.1.0.02

  • affected at 20.3.3.1.7

  • affected at 20.3.3.1.5

  • affected at 20.5.1.0.1

  • affected at 20.3.3.1.10

  • affected at 20.3.3.0.8

  • affected at 20.4.2

  • affected at 20.4.2.0.1

  • affected at 20.3.4

  • affected at 20.3.3.0.14

  • affected at 19.2.4.0.8

  • affected at 19.2.4.0.9

  • affected at 20.3.4.0.1

  • affected at 20.3.2.0.5

  • affected at 20.6.1

  • affected at 20.5.1.0.2

  • affected at 20.3.3.0.17

  • affected at 20.6.1.1

  • affected at 20.6.0.18.3

  • affected at 20.3.2.0.6

  • affected at 20.6.0.18.4

  • affected at 20.4.2.0.2

  • affected at 20.3.3.0.16

  • affected at 20.3.4.0.5

  • affected at 20.6.1.0.1

  • affected at 20.3.4.0.6

  • affected at 20.6.2

  • affected at 20.7.1EFT2

  • affected at 20.3.4.0.9

  • affected at 20.3.4.0.11

  • affected at 20.4.2.0.4

  • affected at 20.3.3.0.18

  • affected at 20.7.1

  • affected at 20.6.2.1

  • affected at 20.3.4.1

  • affected at 20.5.1.1

  • affected at 20.4.2.1

  • affected at 20.4.2.1.1

  • affected at 20.3.4.1.1

  • affected at 20.3.813

  • affected at 20.3.4.0.19

  • affected at 20.4.2.2.1

  • affected at 20.5.1.2

  • affected at 20.3.4.2

  • affected at 20.3.814

  • affected at 20.4.2.2

  • affected at 20.6.2.2

  • affected at 20.3.4.2.1

  • affected at 20.7.1.1

  • affected at 20.3.4.1.2

  • affected at 20.6.2.2.2

  • affected at 20.3.4.0.20

  • affected at 20.6.2.2.3

  • affected at 20.4.2.2.2

  • affected at 20.3.5

  • affected at 20.6.2.0.4

  • affected at 20.4.2.2.3

  • affected at 20.3.4.0.24

  • affected at 20.6.2.2.7

  • affected at 20.6.3

  • affected at 20.3.4.2.2

  • affected at 20.4.2.2.4

  • affected at 20.7.1.0.2

  • affected at 20.8.1

  • affected at 20.3.5.0.8

  • affected at 20.3.5.0.9

  • affected at 20.4.2.2.8

  • affected at 20.3.5.0.7

  • affected at 20.6.3.0.7

  • affected at 20.6.3.0.5

  • affected at 20.6.3.0.10

  • affected at 20.6.3.0.2

  • affected at 20.7.2

  • affected at 20.9.1EFT2

  • affected at 20.6.3.0.11

  • affected at 20.6.3.1

  • affected at 20.6.3.0.14

  • affected at 20.6.4

  • affected at 20.9.1

  • affected at 20.6.3.0.19

  • affected at 20.6.3.0.18

  • affected at 20.3.6

  • affected at 20.9.1.1

  • affected at 20.6.3.0.23

  • affected at 20.6.4.0.4

  • affected at 20.6.3.0.25

  • affected at 20.6.5

  • affected at 20.6.3.0.27

  • affected at 20.9.2

  • affected at 20.9.2.1

  • affected at 20.6.3.0.29

  • affected at 20.6.3.0.31

  • affected at 20.6.3.0.32

  • affected at 20.10.1

  • affected at 20.6.3.0.33

  • affected at 20.9.2.0.01

  • affected at 20.9.1LIImages

  • affected at 20.10.1LIImages

  • affected at 20.9.2LIImages

  • affected at 20.3.7

  • affected at 20.9.3

  • affected at 20.6.5.1

  • affected at 20.11.1

  • affected at 20.11.1LIImages

  • affected at 20.9.3LIImages

  • affected at 20.6.3.1.1

  • affected at 20.9.3.0.2

  • affected at 20.6.5.1.2

  • affected at 20.9.3.0.3

  • affected at 20.4.2.3

  • affected at 20.6.3.2

  • affected at 20.6.4.1

  • affected at 20.6.3.0.38

  • affected at 20.6.3.0.39

  • affected at 20.3.5.1

  • affected at 20.3.4.3

  • affected at 20.9.3.1

  • affected at 20.3.3.2

  • affected at 20.6.5.2

  • affected at 20.3.7.1

  • affected at 20.10.1.1

  • affected at 20.6.5.2.1

  • affected at 20.3.4.0.25

  • affected at 20.6.2.2.4

  • affected at 20.6.1.2

  • affected at 20.11.1.1

  • affected at 20.9.3.0.5

  • affected at 20.3.4.0.26

  • affected at 20.6.5.1.3

  • affected at 20.6.3.0.40

  • affected at 20.1.3.1

  • affected at 20.9.2.2

  • affected at 20.6.5.2.3

  • affected at 20.6.5.1.4

  • affected at 20.6.5.3

  • affected at 20.6.3.0.41

  • affected at 20.9.3.0.7

  • affected at 20.6.5.1.5

  • affected at 20.9.3.0.4

  • affected at 20.6.4.0.19

  • affected at 20.6.5.1.6

  • affected at 20.9.3.0.8

  • affected at 20.6.3.3

  • affected at 20.3.7.2

  • affected at 20.6.5.4

  • affected at 20.6.5.1.7

  • affected at 20.9.3.0.12

  • affected at 20.6.4.2

  • affected at 20.6.5.5

  • affected at 20.9.3.2

  • affected at 20.11.1.2

  • affected at 20.6.3.4

  • affected at 20.10.1.2

  • affected at 20.6.5.1.9

  • affected at 20.9.3.0.16

  • affected at 20.6.3.0.45

  • affected at 20.6.5.1.10

  • affected at 20.9.3.0.17

  • affected at 20.6.5.2.4

  • affected at 20.6.4.0.21

  • affected at 20.9.3.0.18

  • affected at 20.6.3.0.46

  • affected at 20.6.3.0.47

  • affected at 20.9.2.3

  • affected at 20.9.3.2LIImages

  • affected at 20.9.3.0.21

  • affected at 20.9.3.0.20

  • affected at 20.9.4LIImages

  • affected at 20.9.4

  • affected at 20.6.5.1.11

  • affected at 20.12.1

  • affected at 20.12.1LIImages

  • affected at 20.6.5.1.13

  • affected at 20.9.3.0.23

  • affected at 20.6.5.2.8

  • affected at 20.9.4.1

  • affected at 20.9.4.1LIImages

  • affected at 20.9.3.0.25

  • affected at 20.9.3.0.24

  • affected at 20.6.5.1.14

  • affected at 20.3.8

  • affected at 20.6.6

  • affected at 20.9.3.0.26

  • affected at 20.6.3.0.51

  • affected at 20.9.3.0.29

  • affected at 20.12.2

  • affected at 20.12.2LIImages

  • affected at 20.6.6.0.1

  • affected at 20.13.1LIImages

  • affected at 20.9.4.0.4

  • affected at 20.13.1

  • affected at 20.9.4.1.1

  • affected at 20.9.5

  • affected at 20.9.5LIImages

  • affected at 20.12.3LIImages

  • affected at 20.12.3

  • affected at 20.9.4.1.3

  • affected at 20.6.7

  • affected at 20.9.5.1

  • affected at 20.9.5.1LIImages

  • affected at 20.9.4.1.6

  • affected at 20.14.1

  • affected at 20.14.1LIImages

  • affected at 20.9.5.2

  • affected at 20.9.5.2.1

  • affected at 20.9.5.2LIImages

  • affected at 20.12.3.1

  • affected at 20.12.4

  • affected at 20.15.1LIImages

  • affected at 20.15.1

  • affected at 20.9.5.1.4

  • affected at 20.9.5.2.7

  • affected at 20.9.5.2.13

  • affected at 20.9.6

  • affected at 20.9.6LIImages

  • affected at 20.9.5.2.14

  • affected at 20.6.8

  • affected at 20.12.4.0.03

  • affected at 20.16.1

  • affected at 20.16.1LIImages

  • affected at 20.12.4LIImages

  • affected at 20.9.5.2.16

  • affected at 20.12.4.0.4

  • affected at 20.12.401

  • affected at 20.9.5.3

  • affected at 20.9.5.3LIImages

  • affected at 20.12.4.1LIImages

  • affected at 20.12.4.1

  • affected at 20.9.5.2.21

  • affected at 20.9.6.0.3

  • affected at 20.12.4.0.6

  • affected at 20.15.2LIImages

  • affected at 20.15.2

  • affected at 20.12.4MonthlyES5

  • affected at 20.12.5

  • affected at 20.12.5LIImages

  • affected at 20.9.7_LI_Images

  • affected at 20.9.7

  • affected at 20.15.3

  • affected at 20.15.3_LI_Images

  • affected at 20.12.501

  • affected at 20.12.5.1LIImages

  • affected at 20.12.5.1

  • affected at 20.12.5.2LIImages

  • affected at 20.12.5.2

  • affected at 20.15.3.1

  • affected at 20.15.4LIImages

  • affected at 20.15.4

  • affected at 20.9.7.1_LI_Images

  • affected at 20.9.7.1

  • affected at 20.18.1

  • affected at 20.18.1LIImages

  • affected at 20.12.6LIImages

  • affected at 20.12.6

  • affected at 20.12.5.1.01

  • affected at 20.9.8

  • affected at 20.9.8LIImages

  • affected at 20.18.2

  • affected at 20.15.4.1LIImages

  • affected at 20.15.4.1

  • affected at 20.18.2LIImages

References 1 Total

Authorized Data Publishers


CISA-ADP

SSVC and KEV, plus CVSS and CWE if not provided by the CNA.

SSVC 1 Total

| Exploitation | Automatable | Technical Impact | Version | Date Accessed |
| --- | --- | --- | --- | --- |
| active | no | total | 2.0.3 | 2026-03-05 |

KEV 1 Total

- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20122 (2026-04-20)

About this page

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from CISA.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Classification

Agency: CISA
Published: March 20th, 2026
Instrument: Notice
Branch: Executive
Legal weight: Non-binding
Stage: Final
Change scope: Substantive
Document ID: CVE-2026-20122

Who this affects

Applies to: Technology companies, Government agencies
Industry sector: 5112 Software & Technology
Activity scope: Vulnerability disclosure, Software patching
Geographic scope: United States (US)

Taxonomy

Primary area: Cybersecurity
Operational domain: IT Security
Compliance frameworks: NIST CSF
Topics: Data Privacy, Network Infrastructure
