CVE-2026-20128

Known Exploited (CISA KEV)HIGH

8.3

CVSS Severity Score

EPSS Score93.4970%

EPSS Percentile89.47th

PublishedApr 20, 2026

Last ModifiedJun 12, 2026

Vulnerability Description

Cisco Catalyst SD-WAN Manager contains a storing passwords in a recoverable format vulnerability that allows an authenticated, local attacker to gain DCA user privileges by accessing a credential file for the DCA user on the filesystem as a low-privileged user.

Affected Platforms (CPE)

📦

Cisco

Catalyst SD-WAN Manager

Refer to description

References & Advisories

🔗 https://nvd.nist.gov/vuln/detail/CVE-2026-20128

Related Vulnerabilities

CVE-2026-201228.7

Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API ...

CVE-2026-201338.2

Cisco Catalyst SD-WAN Manager contains an exposure of sensitive information to an unauthorized actor vulnerability that could allo...

CVE-2026-202457.8

Cisco Catalyst SD-WAN Manager is vulnerable to Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...