Platform
cisco
Component
cisco-catalyst-sd-wan-manager
Fixed in
20.18
20.18
18.4.5
20.18
20.1.2
20.1.2
20.18
20.18
20.18
18.3.8
19.2.1
18.3.9
19.0.1
19.1.1
18.4.303
18.4.304
17.2.11
18.3.7
19.0.2
18.2.1
18.4.4
18.4.2
17.2.9
18.3.4
18.4.1
18.3.2
17.2.7
17.2.10
18.3.5
17.2.6
18.3.2
18.3.6
18.4.1
18.3.4
17.2.8
17.2.5
18.3.1
19.2.4
18.4.502
20.3.2
20.1.3
19.2.930
19.2.32
20.3.3
19.2.33
20.3.3
20.3.3
20.3.3
18.4.7
20.1.3
20.4.2
20.3.3
20.3.3
20.4.2
20.3.3
19.2.5
20.5.1
20.4.2
20.3.4
19.2.5
20.3.3
20.3.4
20.5.2
20.1.4
20.3.4
20.3.4
20.3.4
20.4.2
20.3.4
20.4.2
20.4.2
20.4.2
20.3.4
20.3.4
20.5.2
20.3.4
20.3.4
20.4.3
20.4.3
20.3.5
20.3.4
19.2.5
19.2.5
20.3.5
20.3.3
20.6.2
20.5.2
20.3.4
20.6.2
20.6.1
20.3.3
20.6.1
20.4.3
20.3.4
20.3.5
20.6.2
20.3.5
20.6.3
20.7.2
20.3.5
20.3.5
20.4.3
20.3.4
20.7.2
20.6.3
20.3.5
20.5.2
20.4.3
20.4.3
20.3.5
20.3.814
20.3.5
20.4.3
20.5.2
20.3.5
20.3.815
20.4.3
20.6.3
20.3.5
20.7.2
20.3.5
20.6.3
20.3.5
20.6.3
20.4.3
20.3.6
20.6.3
20.4.3
20.3.5
20.6.3
20.6.4
20.3.5
20.4.3
20.7.2
20.8.2
20.3.6
20.3.6
20.4.3
20.3.6
20.6.4
20.6.4
20.6.4
20.6.4
20.7.3
20.9.2
20.6.4
20.6.4
20.6.4
20.6.5
20.9.2
20.6.4
20.6.4
20.3.7
20.9.2
20.6.4
20.6.5
20.6.4
20.6.6
20.6.4
20.9.3
20.9.3
20.6.4
20.6.4
20.6.4
20.10.2
20.6.4
20.9.3
20.9.2
20.10.2
20.9.3
20.3.8
20.9.4
20.6.6
20.11.2
20.11.2
20.9.4
20.6.4
20.9.4
20.6.6
20.9.4
20.4.3
20.6.4
20.6.5
20.6.4
20.6.4
20.3.6
20.3.5
20.9.4
20.3.4
20.6.6
20.3.8
20.10.2
20.6.6
20.3.5
20.6.3
20.6.2
20.11.2
20.9.4
20.3.5
20.6.6
20.6.4
20.1.4
20.9.3
20.6.6
20.6.6
20.6.6
20.6.4
20.9.4
20.6.6
20.9.4
20.6.5
20.6.6
20.9.4
20.6.4
20.3.8
20.6.6
20.6.6
20.9.4
20.6.5
20.6.6
20.9.4
20.11.2
20.6.4
20.10.2
20.6.6
20.9.4
20.6.4
20.6.6
20.9.4
20.6.6
20.6.5
20.9.4
20.6.4
20.6.4
20.9.3
20.9.4
20.9.4
20.9.4
20.9.5
20.9.5
20.6.6
20.12.2
20.12.2
20.6.6
20.9.4
20.6.6
20.9.5
20.9.5
20.9.4
20.9.4
20.6.6
20.3.9
20.6.7
20.9.4
20.6.4
20.9.4
20.12.3
20.12.3
20.6.7
20.13.2
20.9.5
20.13.2
20.9.5
20.9.6
20.9.6
20.12.4
20.12.4
20.9.5
20.6.8
20.9.6
20.9.6
20.9.5
20.14.2
20.14.2
20.9.6
20.9.6
20.9.6
20.12.4
20.12.5
20.15.2
20.15.2
20.9.6
20.9.6
20.9.6
20.9.7
20.9.7
20.9.6
20.6.9
20.12.5
20.16.2
20.16.2
20.12.5
20.9.6
20.12.5
20.12.402
20.9.6
20.9.6
20.12.5
20.12.5
20.9.6
20.9.7
20.12.5
20.15.3
20.15.3
20.12.5
20.12.6
20.12.6
20.9.8
20.9.8
20.15.4
20.15.4
20.12.502
20.12.6
20.12.6
20.12.6
20.12.6
20.15.4
20.15.5
20.15.5
20.9.8
20.9.8
20.18.2
20.18.2
20.12.7
20.12.7
20.12.6
20.9.9
20.9.9
20.18.3
20.15.5
20.15.5
20.18.3
CVE-2026-20129 describes an authentication bypass vulnerability within the API user authentication process of Cisco Catalyst SD-WAN Manager. Successful exploitation allows an unauthenticated, remote attacker to gain access to the system with the privileges of a netadmin role, enabling unauthorized command execution. This vulnerability affects versions of Cisco Catalyst SD-WAN Manager up to and including 20.18.2LIImages. A fix is available in version 20.18.
The impact of CVE-2026-20129 is severe. An attacker exploiting this vulnerability can effectively impersonate a netadmin user, granting them full administrative control over the affected Cisco Catalyst SD-WAN Manager instance. This includes the ability to modify configurations, access sensitive data, and potentially disrupt network operations. The lack of authentication required for exploitation significantly lowers the barrier to entry for attackers, increasing the likelihood of exploitation. The ability to execute commands with netadmin privileges provides a broad attack surface, allowing for extensive compromise of the system and potentially the wider network it manages. This vulnerability shares similarities with other API authentication bypasses where improper validation allows unauthorized access.
CVE-2026-20129 was publicly disclosed on February 25, 2026. The vulnerability is considered critical due to the ease of exploitation and the potential impact. There is no indication of this vulnerability being actively exploited at this time. The vulnerability has not been added to the CISA KEV catalog. Public proof-of-concept exploits are currently unavailable, but the simplicity of the bypass suggests they are likely to emerge.
Exploit Status
EPSS
0.16% (36% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-20129 is to upgrade Cisco Catalyst SD-WAN Manager to version 20.18 or later. If immediate upgrade is not feasible, consider implementing strict network segmentation to limit external access to the SD-WAN Manager API. Review and restrict API access controls, ensuring only authorized users and systems can interact with the API. While a WAF or proxy cannot directly prevent the authentication bypass, it can be configured to monitor for suspicious API requests and potentially block them based on known attack patterns. Monitor API logs for unusual activity or unauthorized access attempts. After upgrading, verify the fix by attempting to access the API without proper authentication and confirming that access is denied.
Update Cisco Catalyst SD-WAN Manager to version 20.18 or later. This update corrects the authentication bypass vulnerability in the API, preventing unauthenticated remote attackers from gaining access to the system with network administrator privileges.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-20129 is a critical vulnerability allowing unauthenticated attackers to gain netadmin access to Cisco Catalyst SD-WAN Manager through an API authentication bypass.
You are affected if you are using Cisco Catalyst SD-WAN Manager versions 20.18.2LIImages or earlier. Versions 20.18 and later are not affected.
Upgrade to Cisco Catalyst SD-WAN Manager version 20.18 or later to resolve the vulnerability. Consider network segmentation as a temporary mitigation.
There is currently no evidence of active exploitation, but the ease of exploitation suggests it may become a target.
Refer to the official Cisco Security Advisory for detailed information and mitigation steps: [https://sec.cisco.com/ciscoSecurity/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-manager-auth-bypass-20260225]
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.