CVE-2026-20126 - Vulnerability Analysis
High | CVSS: 8.8 | Last Updated: February 25, 2026
Cisco Catalyst SD-WAN Manager - Privilege Escalation
Published: February 25, 2026 | Updated: February 25, 2026 | Remote Exploitable
Overview
Cisco Catalyst SD-WAN Manager contains a privilege escalation vulnerability caused by insufficient user authentication in the REST API. It lets authenticated local attackers with low privileges gain root privileges. Exploitation requires authentication.
Severity & Score
Severity: High
CVSS Score: 8.8
Impact
Authenticated local attackers can gain root privileges on the underlying operating system, leading to full system compromise.
Mitigation
Update to the latest version that includes the fixed REST API authentication mechanism.
Details
- CVE ID: CVE-2026-20126
- Severity: High
- CVSS Score: 8.8
- Type: broken_access_control
- Status: new
CWE
- CWE-648
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H