CVE-2026-20128

HIGH CISA KEV EPSS 91.5%
Published Feb 25, 20264mo ago · Modified Apr 21, 20262mo ago
7.5 CVSS 3.1
High
Find Similar
Published Feb 25, 2026 4mo ago
Last Modified Apr 21, 2026 2mo ago
KEV Listed Apr 20, 2026 2mo ago
KEV Due Apr 23, 2026 71d overdue

Description

A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges. Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.

CVSS Details

Base Score
7.5
Exploitability
0.8
Impact
6.0
Vector string
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector Local
Attack Complexity High
Privileges Required High
User Interaction None
Scope Changed
Confidentiality High
Integrity High
Availability High

Threat Intelligence

CISA Known Exploited Overdue 71d
Added
Apr 20, 2026
Due
Apr 23, 2026

Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

EPSS Exploit Probability
91.5% percentile
Exploit & Patch Status
Actively Exploited (KEV)
No Patch Available

Weaknesses 1

CWE-257

Affected Products 5

VendorProductVersionRange
ciscocatalyst_sd-wan_manager* <20.9.8.2
ciscocatalyst_sd-wan_manager*≥20.10  –  <20.12.5.3
ciscocatalyst_sd-wan_manager*≥20.13  –  <20.15.4.2
ciscocatalyst_sd-wan_manager*≥20.16  –  <20.18
ciscocatalyst_sd-wan_manager20.12.6any

References 2

  • sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v
    Vendor Advisory
  • cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20128
    US Government Resource

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.