What is CVE-2026-20126?

CVE-2026-20126 is a high-severity vulnerability in Cisco Catalyst Sd-wan Manager, classified under CWE-648. CVSS score: 8.8/10. Published 2026-02-25.

How severe is CVE-2026-20126?

High severity. CVSS v3 base score is 8.8 out of 10.

Vulnerability in Cisco Catalyst Sd-wan Manager

CVE-2026-20126

A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gain root privileges on the underlying operating system. This vulnerability is due to an insufficient user authenticati…

EPSS: 0.000 (3.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cisco Catalyst Sd-wan Manager — versions 20.1.12, 19.2.1, 18.4.4

Weakness classification (CWE)

CWE-648

References

cisco-sa-sdwan-authbp-qwCX8D4v

Frequently asked questions

What is CVE-2026-20126?: CVE-2026-20126 is a high-severity vulnerability in Cisco Catalyst Sd-wan Manager, classified under CWE-648. CVSS score: 8.8/10. Published 2026-02-25.
How severe is CVE-2026-20126?: High severity. CVSS v3 base score is 8.8 out of 10.