CVE-2026-20122

Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability

CVSS 5.4 MEDIUMEPSS 7.0%● KEVCWE-648

In short

A flaw in Cisco Catalyst SD-WAN Manager's API allows an authenticated user with read-only access to overwrite any file on the server by uploading a malicious file. This could let an attacker gain administrative privileges and take control of the system.

Technical detail

The vulnerability stems from improper file handling in the API endpoint that processes file uploads. An authenticated attacker with valid read-only API credentials can exploit this to overwrite arbitrary files on the local filesystem, potentially escalating privileges to vmanage user level. The attack requires valid API credentials but no special network position.

Summary generated and translated by AI from the official description.

A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This vulnerability is due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected products

Cisco · Cisco Catalyst SD-WAN Manager

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20122