CVE-2026-20128

HIGH 7.5

Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

5th

A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges. Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.

CWE	CWE-257
Vendor	cisco
Product	cisco catalyst sd-wan manager
Ecosystems	Networking
Industries	NetworkingTelecommunications
Published	Feb 25, 2026
Last Updated	Mar 20, 2026

Stay Ahead of the Next One

Get instant alerts for cisco cisco catalyst sd-wan manager

Be the first to know when new high vulnerabilities affecting cisco cisco catalyst sd-wan manager are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Cisco / Cisco Catalyst SD-WAN Manager

20.1.12 19.2.1 18.4.4 18.4.5 20.1.1.1 20.1.1 19.3.0 19.2.2 19.2.099 18.3.6 18.3.7 19.2.0 18.3.8 19.0.0 19.1.0 18.4.302 18.4.303 19.2.097 19.2.098 17.2.10 18.3.6.1 19.0.1a 18.2.0 18.4.3 18.4.1 17.2.8 18.3.3.1 18.4.0 18.3.1 17.2.6 17.2.9 18.3.4 17.2.5 18.3.1.1 18.3.5 18.4.0.1 18.3.3 17.2.7 18.3.0 19.2.3 18.4.501_ES 20.3.1 20.1.2 19.2.929 19.2.31 20.3.2 19.2.32 20.3.2.1 20.3.2.1_927 18.4.6 20.3.2_928 20.3.2_929 20.4.1.0.1 20.3.2.1_930 19.2.4 20.5.0.1.1 20.4.1.1 20.3.3 19.2.4.0.1 20.3.2_937 20.5.1 20.1.3 20.3.3.0.4 20.3.3.1.2 20.3.3.1.1 20.4.1.2 20.3.3.0.2 20.4.1.1.5 20.4.1.0.02 20.3.3.1.7 20.3.3.1.5 20.5.1.0.1 20.3.3.1.10 20.3.3.0.8 20.4.2 20.3.4 20.3.3.0.14 19.2.4.0.8 19.2.4.0.9 20.3.4.0.1 20.3.2.0.5 20.5.1.0.2 20.6.1.1 20.6.0.18.3 20.3.2.0.6 20.6.0.18.4 20.4.2.0.2 20.3.3.0.16 20.6.1.0.1 20.3.4.0.6 20.7.1EFT2 20.3.4.0.9 20.3.4.0.11 20.3.3.0.18 20.6.2.1 20.3.4.1 20.4.2.1 20.4.2.1.1 20.3.4.1.1 20.3.813 20.3.4.0.19 20.4.2.2.1 20.5.1.2 20.3.814 20.4.2.2 20.6.2.2 20.3.4.2.1 20.3.4.1.2 20.3.4.0.20 20.6.2.2.3 20.4.2.2.2 20.6.2.0.4 20.3.4.0.24 20.6.2.2.7 20.3.4.2.2 20.4.2.2.4 20.3.5.0.8 20.3.5.0.9 20.3.5.0.7 20.6.3.0.2 20.9.1EFT2 20.3.6 20.3.7 20.4.2.3 20.3.5.1 20.3.4.3 20.3.3.2 20.3.7.1 20.3.4.0.25 20.6.2.2.4 20.6.1.2 20.1.3.1 20.6.5.1.4 20.3.8 20.12.501 26.1.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

sec.cloudapps.cisco.com: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v