By Eduard Kovacs
Publication Date: 2026-03-05 12:15:00
Cisco is warning customers that two recently patched Catalyst SD-WAN vulnerabilities are being exploited in the wild.
The networking giant informed customers on February 25 about the availability of patches for five Catalyst SD-WAN flaws, including critical and high-severity issues that can be exploited to access vulnerable systems and elevate privileges to root.
Cisco updated its advisory on March 5 to warn that it has become aware of active exploitation for two of the five vulnerabilities: CVE-2026-20128 and CVE-2026-20122.
CVE-2026-20128 is an information disclosure issue affecting the Data Collection Agent (DCA) feature of Catalyst SD-WAN Manager, allowing an authenticated, local attacker to gain DCA user privileges on the targeted system.
CVE-2026-20122 is an arbitrary file overwrite bug affecting the API of the Catalyst SD-WAN Manager. It allows a remote, authenticated attacker to overwrite arbitrary files on the system and gain elevated…
