Two of these vulnerabilities are already being exploited in the wild by hackers, making immediate remediation critical.
The advisory details five vulnerabilities, led by CVE-2026-20129, a critical authentication bypass flaw with a CVSS score of 9.8.
This bug allows a remote, unauthenticated attacker to send crafted API requests and instantly gain netadmin privileges.
Another major threat is CVE-2026-20126, which enables a local user with low privileges to escalate their access to root on the underlying operating system.
As of March 2026, Cisco warns that threat actors are actively exploiting CVE-2026-20122 and CVE-2026-20128. The first flaw allows attackers with read-only credentials to overwrite arbitrary system files and gain vmanage rights.
The second issue targets the Data Collection Agent (DCA), allowing low-level users to steal plaintext passwords and spread their access to other affected systems.
Because these are being used in real-world attacks, organizations face a high risk of compromise if they do not patch their systems immediately.
Because there are no workarounds to block these attacks, Cisco strongly urges administrators to upgrade their software immediately.
Network defenders must apply the fixed software releases, such as versions 20.9.8.2, 20.12.5.3, or 20.18.2.1, depending on their current setup.
Notably, Catalyst SD-WAN Manager releases 20.18 and later are naturally immune to both the critical authentication bypass and the actively exploited DCA flaw.
Arthur Vidineyev from the Cisco Advanced Security Initiatives Group (ASIG) originally discovered these vulnerabilities during internal testing.
To harden defenses, Cisco recommends restricting internet access to the SD-WAN Manager portal, turning off unused network services such as HTTP or FTP, and implementing strict firewall rules.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Cisco Catalyst SD-WAN Vulnerabilities Allow Attackers to Gain Root Access appeared first on Cyber Security News.
Upcoming RTS Dawn of War 4 has a new CGI trailer to reveal the Adeptus…
You like Wolfhound, but Wolfhound does not like you. I’m going to write about 1,180…
Switch 2 exclusive Splatoon Raiders will arrive in July, Nintendo has announced. The Splatoon spinoff…
It appears I Am Legend 2 is moving forward at Warner Bros., with reports indicating…
A real-world intrusion campaign leveraging publicly available Nightmare-Eclipse privilege escalation tooling, BlueHammer, RedSun, and UnDefend,…
A new ransomware-as-a-service (RaaS) operation known as “The Gentlemen” has emerged as a serious threat…
This website uses cookies.