CVEFinder.io

CVE-2026-20128

⚠️ high
🔍 Scan for this CVE
Summary

A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker

Description

A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system.

This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges.
Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.

CVSS Score
7.5
High
EPSS Score
0.1
Exploit Probability
Published Date
2026-02-25
First Seen: 2026-02-26
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 68.9% of all 330,193 vulnerabilities in our database.

#102,656
Above average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Feb 25, 2026
🔍 Exploitation Status
Active
Exploits detected in the wild
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2026-04-21
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-257

📦 Affected Products 6

Vendor Product Status Affected Versions
cisco catalyst_sd-wan_manager Affected
> 20.10 < 20.12.5.3
cisco catalyst_sd-wan_manager Affected
> 20.11 < 20.12.5.3
cisco catalyst_sd-wan_manager Affected
> 20.13 < 20.15.4.2
cisco catalyst_sd-wan_manager Affected
> 20.16 < 20.18
cisco catalyst_sd-wan_manager Affected
< 20.9.8.2
cisco catalyst_sd-wan_manager Affected
v20.12.6

🔗 References 2

https://sec.cloudapps.cisco.com/security/center/cont...
Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities...
US Government Resource

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-20262 🔶 medium 6.5 1.7 A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, r... 2026-06-15
CVE-2026-20245 ⚠️ high 7.8 1.0 A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, f... 2026-06-04
CVE-2026-20182 ⛔ critical 10.0 77.9 May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fi... 2026-05-14
CVE-2026-20122 🔶 medium 5.4 1.1 A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite a... 2026-02-25
CVE-2026-20126 ⚠️ high 8.8 0.0 A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gai... 2026-02-25
CVE-2026-20127 ⛔ critical 10.0 48.2 A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalys... 2026-02-25
These CVEs affect the same products