Two of these vulnerabilities are already being exploited in the wild by hackers, making immediate remediation critical.
The advisory details five vulnerabilities, led by CVE-2026-20129, a critical authentication bypass flaw
This bug allows a remote, unauthenticated attacker to send crafted API requests and instantly gain netadmin privileges.
Another major threat is CVE-2026-20126, which enables a local user with low privileges to escalate their access to root on the underlying operating system.
As of March 2026, Cisco warns that threat actors are actively exploiting CVE-2026-20122 and CVE-2026-20128. The first flaw allows attackers with read-only credentials to overwrite arbitrary system files and gain vmanage rights.
The second issue targets the Data Collection Agent (DCA), allowing low-level users to steal plaintext passwords and spread their access to other affected systems.
Because these are being used in real-world attacks, organizations face a high risk of compromise if they do not patch their systems immediately.
Because there are no workarounds to block these attacks, Cisco strongly urges administrators to upgrade their software immediately.
Network defenders must apply the fixed software releases, such as versions 20.9.8.2, 20.12.5.3, or 20.18.2.1, depending on their current setup.
Notably, Catalyst SD-WAN Manager releases 20.18 and later are naturally immune to both the critical authentication bypass and the actively exploited DCA flaw.
Arthur Vidineyev from the Cisco Advanced Security Initiatives Group (ASIG) originally discovered these vulnerabilities during internal testing.
To harden defenses, Cisco recommends restricting internet access to the SD-WAN Manager portal, turning off unused network services such as HTTP or FTP, and implementing strict firewall rules.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Cisco Catalyst SD-WAN Vulnerabilities Allow Attackers to Gain Root Access appeared first on Cyber Security News.
In January 2026, Zscaler’s ThreatLabz team identified a sophisticated cyber attack attributed to the Iranian-linked…
As the cyber threat landscape continues to evolve, one of the most alarming developments is…
Hopkinton High School students walked out of school Thursday afternoon and headed downtown with a…
Scott Doherty, the current chair of the Canterbury Board of Selectmen, is running unopposed for…
The John Stark School District covers John Stark High School, which has about 650 students…
Three incumbents and a former selectman are running unopposed for two seats on both Pembroke’s…
This website uses cookies.