By Carly Page
Publication Date: 2026-03-06 15:04:00
Just when network admins thought the Cisco SD-WAN patch queue might finally be shrinking, Switchzilla has confirmed miscreants are exploiting more vulnerabilities in its SD-WAN management software.
The newly abused flaws affect Cisco Catalyst SD-WAN Manager, the platform formerly known as vManage that sits at the center of many organizations’ SD-WAN deployments.
One of the bugs, CVE-2026-20122, carries a CVSS score of 7.1 and allows an authenticated remote attacker to overwrite arbitrary files on the local filesystem. The second issue, CVE-2026-20128, is a lower-rated information disclosure flaw with a CVSS score of 5.5 that could allow an authenticated local attacker to gain Data Collection Agent (DCA) user privileges on an affected system.
In an advisory published this week, Cisco confirmed that attackers are already abusing the flaws: “In March 2026, the Cisco PSIRT became aware of active exploitation of…