Home / Vulnerability Intelligence / CVE-2026-20129

CVE-2026-20129 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: February 25, 2026

Cisco Catalyst SD-WAN Manager - Authentication Bypass

Published: February 25, 2026Updated: February 25, 2026Remote Exploitable

Overview

Cisco Catalyst SD-WAN Manager < 20.18 contains a broken authentication caused by improper authentication in API user requests, letting unauthenticated remote attackers gain netadmin role privileges, exploit requires crafted API request.

Severity & Score

Severity: Critical

CVSS Score: 9.8

Impact

Unauthenticated attackers can gain netadmin privileges and execute commands, potentially compromising the entire system.

Mitigation

Upgrade to version 20.18 or later.

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v

Related Resources

Details

CVE ID: CVE-2026-20129
Severity: Critical
CVSS Score: 9.8
Type: broken_authentication
Status: new

CWE

CWE-287

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H