Cisco Catalyst SD-WAN Manager security patch release (multiple vulnerabilities)
Security Patch Release
Summary
Hide ▲
Show ▼
Cisco released fixed software for Catalyst SD-WAN Manager, covering multiple vulnerabilities that affected supported branches and required version-specific remediation. The patch release matters because the product is used for network management and the disclosed flaws included arbitrary file overwrite and information disclosure conditions. Cisco mapped affected branches to fixed builds such as 20.9.8.2, 20.12.6.1, 20.15.4.2, and 20.18.2.1. Customers on earlier than Version 20.91 were told to move to a fixed release and upgrade promptly.
Related Happenings
Cisco Secure Workload REST API patch release (CVE-2026-20223)
Security Patch Release
First: 22.05.2026 08:36
Last: 22.05.2026 08:36
Sources 1
About this happening:
Cisco patched **CVE-2026-20223**, a **CVSS 10.0** Secure Workload REST API flaw that could expose sensitive data and allow configuration changes across tenant boundaries. The upda...
Cisco Secure Workload REST API patch release (CVE-2026-20223)
Security Patch ReleaseAbout this happening: Cisco patched **CVE-2026-20223**, a **CVSS 10.0** Secure Workload REST API flaw that could expose sensitive data and allow configuration changes across tenant boundaries. The upda...
Cisco security patch release for CVE-2026-20182
Security Patch Release
First: 14.05.2026 20:45
Last: 14.05.2026 20:45
Sources 1
About this happening:
Cisco released **updates** for **CVE-2026-20182**, a **maximum-severity authentication bypass** in **Catalyst SD-WAN Controller/Manager**, after the flaw was **exploited in limite...
Cisco security patch release for CVE-2026-20182
Security Patch ReleaseAbout this happening: Cisco released **updates** for **CVE-2026-20182**, a **maximum-severity authentication bypass** in **Catalyst SD-WAN Controller/Manager**, after the flaw was **exploited in limite...
SAP security patch release for CVE-2019-17571
Security Patch Release
First: 11.03.2026 14:26
Last: 11.03.2026 14:26
Sources 1
About this happening:
**SAP** released security updates for **two critical flaws** in **FS-QUO** and **NetWeaver Enterprise Portal Administration**, reducing the risk of **arbitrary code execution** on...
SAP security patch release for CVE-2019-17571
Security Patch ReleaseAbout this happening: **SAP** released security updates for **two critical flaws** in **FS-QUO** and **NetWeaver Enterprise Portal Administration**, reducing the risk of **arbitrary code execution** on...
Cisco Catalyst SD-WAN active exploitation wave
Exploitation Wave
First: 05.03.2026 14:15
Last: 05.03.2026 14:15
Sources 1
How related:
"In March 2026, the Cisco PSIRT became aware of active exploitation of the vulnerabilities that are described in CVE-2026-20128 and CVE-2026-20122 only," the networking equipment major said.
About this happening:
**Cisco** confirmed **active exploitation** of **two recently patched Catalyst SD-WAN vulnerabilities**, creating immediate risk for exposed systems that have not been fully remed...
Cisco Catalyst SD-WAN active exploitation wave
Exploitation WaveHow related: "In March 2026, the Cisco PSIRT became aware of active exploitation of the vulnerabilities that are described in CVE-2026-20128 and CVE-2026-20122 only," the networking equipment major said.
About this happening: **Cisco** confirmed **active exploitation** of **two recently patched Catalyst SD-WAN vulnerabilities**, creating immediate risk for exposed systems that have not been fully remed...
Cisco Secure Firewall Management Center patch release (CVE-2026-20079, CVE-2026-20131)
Security Patch Release
First: 04.03.2026 21:12
Last: 04.03.2026 21:12
Sources 1
About this happening:
**Cisco Secure Firewall Management Center (FMC)** patch release for **CVE-2026-20131** and **CVE-2026-20079** addressed **CVSS 10** flaws that could let an **unauthenticated remot...
Cisco Secure Firewall Management Center patch release (CVE-2026-20079, CVE-2026-20131)
Security Patch ReleaseAbout this happening: **Cisco Secure Firewall Management Center (FMC)** patch release for **CVE-2026-20131** and **CVE-2026-20079** addressed **CVSS 10** flaws that could let an **unauthenticated remot...
Latest development: 20.03.2026 17:09
CISA ordered Federal Civilian Executive Branch (FCEB) agencies to apply security updates for CVE-2026-20131 in Cisco Secure Firewall Management Center (FMC) by Sunday, March 22 after Cisco updated its bulletin on March 18 to warn of active exploitation in the wild. Amazon threat intelligence researchers said Interlock ransomware had been exploiting CVE-2026-20131 as a zero-day since the end of January, and Cisco said the web-based management interface could let an unauthenticated, remote attacker execute arbitrary Java code as root on an affected device.
Timeline
-
05.03.2026 17:22 2 articles · 2mo ago
Cisco discloses active exploitation of Catalyst SD-WAN Manager flaws
Initial DisclosureCisco disclosed that Catalyst SD-WAN Manager, formerly SD-WAN vManage, has two flaws under active exploitation in the wild: CVE-2026-20122, an arbitrary file overwrite issue requiring valid read-only API credentials, and CVE-2026-20128, an information disclosure issue requiring valid vManage credentials and affecting Data Collection Agent (DCA) user privileges. Cisco said the Cisco PSIRT became aware of active exploitation in March 2026, noted that fixed software releases had been issued for affected branches late last month, and urged customers to update, restrict exposure, disable unnecessary services, change the default administrator password, and monitor logs.
Show sources
- Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities — thehackernews.com — 05.03.2026 17:22
- Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities — thehackernews.com — 05.03.2026 17:22