Cisco Warns of More Catalyst SD-WAN Flaws Exploited in the Wild

By Eduard Kovacs
Publication Date: 2026-03-05 12:15:00

Cisco is warning customers that two recently patched Catalyst SD-WAN vulnerabilities are being exploited in the wild. 

The networking giant informed customers on February 25 about the availability of patches for five Catalyst SD-WAN flaws, including critical and high-severity issues that can be exploited to access vulnerable systems and elevate privileges to root. 

Cisco updated its advisory on March 5 to warn that it has become aware of active exploitation of two of the five vulnerabilities: CVE-2026-20128 and CVE-2026-20122.

CVE-2026-20128 is an information disclosure issue affecting the Data Collection Agent (DCA) feature of Catalyst SD-WAN Manager, allowing an authenticated, local attacker to gain DCA user privileges on the targeted system.

CVE-2026-20122 is an arbitrary file overwrite bug affecting the API of the Catalyst SD-WAN Manager. It allows a remote, authenticated attacker to overwrite arbitrary files on the system and gain elevated…