HomeCVE Intelligence › CVE-2026-20122
CVSS 9.5 CRITICAL 🔴 ACTIVELY EXPLOITED Vulnerability

CVE-2026-20122: Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability

Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploadin…

⚠️ CISA KEV Remediation Due: 2026-04-23
9.5CVSS Score
CRITICALSeverity
YESCISA KEV
VulnerabilityImpact Type

📋 Vulnerability Details

CVE IDCVE-2026-20122
VendorCisco
Affected ProductCatalyst SD-WAN Manger
Vulnerability TypeVulnerability
CVSS Score9.5 (CRITICAL)
Actively Exploited✅ Yes — CISA KEV Listed
Patch StatusPending Vendor Disclosure
Reported ByCYBERDUDEBIVASH SENTINEL APEX Intelligence (via cisa_kev)

🔬 Technical Analysis

Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges.

⚡ DETECTION RULES AVAILABLE

Get CVE-2026-20122 Detection Pack

Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.

✓ Sigma Rules ✓ YARA Pack ✓ IOC Table ✓ SIEM Queries
🛡️ Get Detection Pack → 🔌 Access via API →

🔗 Related Intelligence