Cisco Catalyst SD-WAN Manager security patch release (multiple vulnerabilities)
Security Patch Release
Summary
Hide ▲
Show ▼
Cisco released fixed software for Catalyst SD-WAN Manager, covering multiple vulnerabilities that affected supported branches and required version-specific remediation. The patch release matters because the product is used for network management and the disclosed flaws included arbitrary file overwrite and information disclosure conditions. Cisco mapped affected branches to fixed builds such as 20.9.8.2, 20.12.6.1, 20.15.4.2, and 20.18.2.1. Customers on earlier than Version 20.91 were told to move to a fixed release and upgrade promptly.
Related Happenings
Cisco Catalyst SD-WAN unauthorized peering and SSH access campaign
Campaign
H score38
First: 25.06.2026 17:15
Last: 25.06.2026 17:15
Sources 1
About this happening:
An active **campaign** used **unauthorized peering connections** and **SSH access** to maintain footholds inside a **service provider's Cisco Catalyst SD-WAN** environment, increa...
Cisco Catalyst SD-WAN unauthorized peering and SSH access campaign
CampaignAbout this happening: An active **campaign** used **unauthorized peering connections** and **SSH access** to maintain footholds inside a **service provider's Cisco Catalyst SD-WAN** environment, increa...
Cisco security patch release for CVE-2026-20262
Security Patch Release
H score47
First: 15.06.2026 20:12
Last: 15.06.2026 20:12
Sources 1
About this happening:
**Cisco** released **security updates** for **CVE-2026-20262** in **Catalyst SD-WAN Manager**, covering multiple release trains after the zero-day was exploited to reach **root pr...
Cisco security patch release for CVE-2026-20262
Security Patch ReleaseAbout this happening: **Cisco** released **security updates** for **CVE-2026-20262** in **Catalyst SD-WAN Manager**, covering multiple release trains after the zero-day was exploited to reach **root pr...
Cisco Secure Workload REST API patch release (CVE-2026-20223)
Security Patch Release
H score55
First: 22.05.2026 08:36
Last: 22.05.2026 08:36
Sources 1
About this happening:
Cisco patched **CVE-2026-20223**, a **CVSS 10.0** Secure Workload REST API flaw that could expose sensitive data and allow configuration changes across tenant boundaries. The upda...
Cisco Secure Workload REST API patch release (CVE-2026-20223)
Security Patch ReleaseAbout this happening: Cisco patched **CVE-2026-20223**, a **CVSS 10.0** Secure Workload REST API flaw that could expose sensitive data and allow configuration changes across tenant boundaries. The upda...
Cisco security patch release for CVE-2026-20182
Security Patch Release
H score60
First: 14.05.2026 20:45
Last: 14.05.2026 20:45
Sources 1
About this happening:
Cisco released **updates** for **CVE-2026-20182**, a **maximum-severity authentication bypass** in **Catalyst SD-WAN Controller/Manager**, after the flaw was **exploited in limite...
Cisco security patch release for CVE-2026-20182
Security Patch ReleaseAbout this happening: Cisco released **updates** for **CVE-2026-20182**, a **maximum-severity authentication bypass** in **Catalyst SD-WAN Controller/Manager**, after the flaw was **exploited in limite...
SAP security patch release for CVE-2019-17571
Security Patch Release
H score42
First: 11.03.2026 14:26
Last: 11.03.2026 14:26
Sources 1
About this happening:
**SAP** released security updates for **two critical flaws** in **FS-QUO** and **NetWeaver Enterprise Portal Administration**, reducing the risk of **arbitrary code execution** on...
SAP security patch release for CVE-2019-17571
Security Patch ReleaseAbout this happening: **SAP** released security updates for **two critical flaws** in **FS-QUO** and **NetWeaver Enterprise Portal Administration**, reducing the risk of **arbitrary code execution** on...
Timeline
-
05.03.2026 17:22 2 articles · 4mo ago
Cisco discloses active exploitation of Catalyst SD-WAN Manager flaws
Initial DisclosureCisco disclosed that Catalyst SD-WAN Manager, formerly SD-WAN vManage, has two flaws under active exploitation in the wild: CVE-2026-20122, an arbitrary file overwrite issue requiring valid read-only API credentials, and CVE-2026-20128, an information disclosure issue requiring valid vManage credentials and affecting Data Collection Agent (DCA) user privileges. Cisco said the Cisco PSIRT became aware of active exploitation in March 2026, noted that fixed software releases had been issued for affected branches late last month, and urged customers to update, restrict exposure, disable unnecessary services, change the default administrator password, and monitor logs.
Show sources
- Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities — thehackernews.com — 05.03.2026 17:22
- Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities — thehackernews.com — 05.03.2026 17:22