CVE-2026-20209
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk9th percentile - higher than 9% of all known CVEs
Summary
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) allows an authenticated attacker with read-only permissions to elevate privileges to high. The issue is due to sensitive session information being recorded in audit logs.
Risk Assessment
An attacker could gain full control over the SD-WAN Manager, compromising the integrity and confidentiality of the entire SD-WAN network.
Recommendation
Apply the security update provided by Cisco for Catalyst SD-WAN Manager immediately. Restrict access to the web UI to trusted networks only.
Original NVD description (English source)
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to elevate their privileges from low to high and perform actions as a high-privileged user. This vulnerability exists because sensitive session information is recorded in audit logs. An attacker could exploit this vulnerability by elevating their read-only permissions in Cisco Catalyst SD-WAN Manager to those of a high-privileged user. A successful exploit could allow the attacker to perform actions as a high-privileged user.

