ATLA WIRE

Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities

06.03.2026
Cisco warns CVE-2026-20122 and CVE-2026-20128 in Catalyst SD-WAN Manager are actively exploited; patches released across multiple software versions.


Cisco just dropped a major security alert — two critical vulnerabilities in their Catalyst SD-WAN Manager are being actively exploited in the wild. If you're running this network management software, patch NOW.
The vulnerabilities tracked as CVE-2026-20122 and CVE-2026-20128 affect multiple versions of Cisco's Catalyst SD-WAN Manager software. Cisco has confirmed active exploitation and released patches across affected versions.
CVE-2026-20122 is a privilege escalation vulnerability that could allow authenticated attackers to gain root access to the underlying operating system. CVE-2026-20128 is an arbitrary file upload vulnerability that could enable remote code execution.
Both vulnerabilities have been assigned CVSS scores of 9.8 (Critical) and affect Catalyst SD-WAN Manager versions 20.12 through 20.14. Cisco has released fixes in versions 20.12.4, 20.13.2, and 20.14.1.
The company warns that successful exploitation could allow attackers to take complete control of affected systems, potentially compromising entire SD-WAN deployments and network infrastructure.
Cisco's Product Security Incident Response Team (PSIRT) is aware of active exploitation in the wild and recommends immediate patching. No workarounds exist for these vulnerabilities — patching is the only mitigation.
The vulnerabilities were discovered and reported to Cisco by external security researchers. Cisco has credited the researchers in their security advisory but hasn't disclosed their identities.
This comes as network infrastructure continues to be a prime target for attackers, with SD-WAN deployments becoming increasingly critical for modern enterprise connectivity and security.
  • Affected Products: Cisco Catalyst SD-WAN Manager
  • Vulnerabilities: CVE-2026-20122 (Privilege Escalation), CVE-2026-20128 (Arbitrary File Upload)
  • CVSS Score: 9.8 (Critical) for both
  • Status: Actively exploited in the wild
  • Patches Available: Versions 20.12.4, 20.13.2, 20.14.1
  • Recommendation: Immediate patching required
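
An added example (not Cisco tooling and not code from the article): a triage helper that sorts an inventory of Catalyst SD-WAN Manager versions against the fixed releases listed above. The inventory and hostnames are constructed, and release trains outside 20.12 to 20.14 are reported as `not-covered` because the article says nothing about them.

```python
import re

# First fixed release in each train, as stated in the article above.
FIXED = {(20, 12): (20, 12, 4), (20, 13): (20, 13, 2), (20, 14): (20, 14, 1)}

def parse_version(text):
    """Parse '20.12.3' or '20.12.3.1' into a tuple of ints; None if malformed."""
    m = re.fullmatch(r"\s*v?(\d+(?:\.\d+){1,3})\s*", text or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def classify(version_text):
    """Return 'vulnerable', 'patched', 'not-covered' or 'unparseable'."""
    v = parse_version(version_text)
    if v is None:
        return "unparseable"          # needs manual review
    fixed = FIXED.get(v[:2])
    if fixed is None:
        return "not-covered"          # train not mentioned in the article
    # Pad to equal length so 20.14 compares as 20.14.0 and 20.12.3.1 < 20.12.4.
    width = max(len(v), len(fixed))
    pad = lambda t: t + (0,) * (width - len(t))
    return "patched" if pad(v) >= pad(fixed) else "vulnerable"

def triage(inventory):
    """Group (hostname, version) pairs by status, hosts sorted within each."""
    groups = {}
    for host, version in inventory:
        groups.setdefault(classify(version), []).append(host)
    return {status: sorted(hosts) for status, hosts in groups.items()}

# Constructed inventory; hostnames are hypothetical.
SAMPLE = [
    ("vmanage-dc1", "20.12.3"),
    ("vmanage-dc2", "20.12.4"),
    ("vmanage-lab", "20.12.3.1"),
    ("vmanage-emea", "20.13.2"),
    ("vmanage-apac", "20.14"),
    ("vmanage-old", "20.9.5"),
    ("vmanage-new", "not reported"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts that come back `unparseable` or `not-covered` should be checked against Cisco's advisory directly rather than assumed safe.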