Zero Day MonitorZDM

← Back to list

10.0

CVE-2026-20127KEVEXPLOITEDPATCHED

cis · catalyst_sd-wan_manager

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, r

Description

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. 

Affected Products

Vendor	Product	Versions
cis	catalyst_sd-wan_manager	< 20.9.8.2, < 20.12.5.3, < 20.15.4.2, < 20.18.2.1, < 20.9.8.2, < 20.12.5.3, < 20.15.4.2, < 20.18.2.1

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
cis	sd-wan_vsmart_controller	cve_cpe	95%
cis	catalyst sd-wan	cert_advisory	90%

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk(Vendor Advisory)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20127(US Government Resource)

Related News (5 articles)

Tier C

Cisco Talos3h ago

Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities

→ No new info (linked only)

Tier C

Rapid7 Blog3h ago

CVE-2026-20182: Critical authentication bypass in Cisco Catalyst SD-WAN Controller (FIXED)

→ No new info (linked only)

Tier D

BleepingComputer23d ago

CISA flags new SD-WAN flaw as actively exploited in attacks

→ No new info (linked only)

Tier B

BSI Advisories23d ago

[UPDATE] [kritisch] Cisco Catalyst SD-WAN Manager und SD-WAN Controller: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

Rapid7 Blog34d ago

Metasploit Wrap-Up 04/10/2026

→ No new info (linked only)

CVSS 3.110.0 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA KEV✅ Yes

Actively exploited✅ Yes

Patch available

20.9.8.220.12.5.320.15.4.220.18.2.1

CWECWE-287, CWE-287, CWE-20

PublishedFeb 25, 2026

Last enriched3h agov2

Tags

authentication bypassactive exploitation

Trending Score118🔥

Source articles5

Independent4

Info Completeness12/14

Missing: epss, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

NONECVE-2026-20188

Cisco Crosswork Network Controller and Cisco Network Services Orchestrator Advisory

MEDIUMCVE-2026-20209EXP

Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability

MEDIUMCVE-2026-20210

Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability

HIGHCVE-2026-20034EXP

Cisco Unity Connection Remote Code Execution Vulnerability

HIGHCVE-2026-20224

Cisco Catalyst SD-WAN Manager XML External Entity Injection Vulnerability

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Feb 25, 2026

Added to CISA KEV

Feb 25, 2026

Actively Exploited

Feb 26, 2026

Exploit Available

Feb 26, 2026

Patch Available

Feb 26, 2026

Discovered by ZDM

Apr 1, 2026

Updated: cweIds, iocs, tags

May 14, 2026

Version History

v2

Last enriched 3h ago

v2Tier C3h ago

Updated description with details on ongoing exploitation and added new CWEs, IoCs, and tags.

cweIdsiocstags

via Cisco Talos

v143d ago

Initial creation