What is CVE-2026-20129 — Authentication Bypass in Cisco Catalyst SD-WAN Manager?

CVE-2026-20129 is a critical vulnerability allowing unauthenticated attackers to gain netadmin access to Cisco Catalyst SD-WAN Manager through an API authentication bypass.

Am I affected by CVE-2026-20129 in Cisco Catalyst SD-WAN Manager?

You are affected if you are using Cisco Catalyst SD-WAN Manager versions 20.18.2_LI_Images or earlier. Versions 20.18 and later are not affected.

How do I fix CVE-2026-20129 in Cisco Catalyst SD-WAN Manager?

Upgrade to Cisco Catalyst SD-WAN Manager version 20.18 or later to resolve the vulnerability. Consider network segmentation as a temporary mitigation.

Is CVE-2026-20129 being actively exploited?

There is currently no evidence of active exploitation, but the ease of exploitation suggests it may become a target.

Where can I find the official Cisco advisory for CVE-2026-20129?

Refer to the official Cisco Security Advisory for detailed information and mitigation steps: [https://sec.cisco.com/ciscoSecurity/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-manager-auth-bypass-20260225]

CRITICALCVE-2026-20129CVSS 9.8

Vulnerabilidad de Omisión de Autenticación en Cisco Catalyst SD-WAN

Plataforma

cisco

Componente

cisco-catalyst-sd-wan-manager

Corregido en

Software Afectado

Componentecisco-catalyst-sd-wan-manager

ProveedorCisco

Rango afectadoCorregido en

20.1.12 – 20.1.1220.18

19.2.1 – 19.2.120.18

18.4.4 – 18.4.418.4.5

18.4.5 – 18.4.520.18

20.1.1.1 – 20.1.1.120.1.2

20.1.1 – 20.1.120.1.2

19.3.0 – 19.3.020.18

19.2.2 – 19.2.220.18

19.2.099 – 19.2.099—

18.3.6 – 18.3.620.18

18.3.7 – 18.3.718.3.8

19.2.0 – 19.2.019.2.1

18.3.8 – 18.3.818.3.9

19.0.0 – 19.0.019.0.1

19.1.0 – 19.1.019.1.1

18.4.302 – 18.4.30218.4.303

18.4.303 – 18.4.30318.4.304

19.2.097 – 19.2.097—

19.2.098 – 19.2.098—

17.2.10 – 17.2.1017.2.11

18.3.6.1 – 18.3.6.118.3.7

19.0.1a – 19.0.1a19.0.2

18.2.0 – 18.2.018.2.1

18.4.3 – 18.4.318.4.4

18.4.1 – 18.4.118.4.2

17.2.8 – 17.2.817.2.9

18.3.3.1 – 18.3.3.118.3.4

18.4.0 – 18.4.018.4.1

18.3.1 – 18.3.118.3.2

17.2.6 – 17.2.617.2.7

17.2.9 – 17.2.917.2.10

18.3.4 – 18.3.418.3.5

17.2.5 – 17.2.517.2.6

18.3.1.1 – 18.3.1.118.3.2

18.3.5 – 18.3.518.3.6

18.4.0.1 – 18.4.0.118.4.1

18.3.3 – 18.3.318.3.4

17.2.7 – 17.2.717.2.8

17.2.4 – 17.2.417.2.5

18.3.0 – 18.3.018.3.1

19.2.3 – 19.2.319.2.4

18.4.501_ES – 18.4.501_ES18.4.502

20.3.1 – 20.3.120.3.2

20.1.2 – 20.1.220.1.3

19.2.929 – 19.2.92919.2.930

19.2.31 – 19.2.3119.2.32

20.3.2 – 20.3.220.3.3

19.2.32 – 19.2.3219.2.33

20.3.2_925 – 20.3.2_92520.3.3

20.3.2.1 – 20.3.2.120.3.3

20.3.2.1_927 – 20.3.2.1_92720.3.3

18.4.6 – 18.4.618.4.7

20.1.2_937 – 20.1.2_93720.1.3

20.4.1 – 20.4.120.4.2

20.3.2_928 – 20.3.2_92820.3.3

20.3.2_929 – 20.3.2_92920.3.3

20.4.1.0.1 – 20.4.1.0.120.4.2

20.3.2.1_930 – 20.3.2.1_93020.3.3

19.2.4 – 19.2.419.2.5

20.5.0.1.1 – 20.5.0.1.120.5.1

20.4.1.1 – 20.4.1.120.4.2

20.3.3 – 20.3.320.3.4

19.2.4.0.1 – 19.2.4.0.119.2.5

20.3.2_937 – 20.3.2_93720.3.3

20.3.3.1 – 20.3.3.120.3.4

20.5.1 – 20.5.120.5.2

20.1.3 – 20.1.320.1.4

20.3.3.0.4 – 20.3.3.0.420.3.4

20.3.3.1.2 – 20.3.3.1.220.3.4

20.3.3.1.1 – 20.3.3.1.120.3.4

20.4.1.2 – 20.4.1.220.4.2

20.3.3.0.2 – 20.3.3.0.220.3.4

20.4.1.1.5 – 20.4.1.1.520.4.2

20.4.1.0.01 – 20.4.1.0.0120.4.2

20.4.1.0.02 – 20.4.1.0.0220.4.2

20.3.3.1.7 – 20.3.3.1.720.3.4

20.3.3.1.5 – 20.3.3.1.520.3.4

20.5.1.0.1 – 20.5.1.0.120.5.2

20.3.3.1.10 – 20.3.3.1.1020.3.4

20.3.3.0.8 – 20.3.3.0.820.3.4

20.4.2 – 20.4.220.4.3

20.4.2.0.1 – 20.4.2.0.120.4.3

20.3.4 – 20.3.420.3.5

20.3.3.0.14 – 20.3.3.0.1420.3.4

19.2.4.0.8 – 19.2.4.0.819.2.5

19.2.4.0.9 – 19.2.4.0.919.2.5

20.3.4.0.1 – 20.3.4.0.120.3.5

20.3.2.0.5 – 20.3.2.0.520.3.3

20.6.1 – 20.6.120.6.2

20.5.1.0.2 – 20.5.1.0.220.5.2

20.3.3.0.17 – 20.3.3.0.1720.3.4

20.6.1.1 – 20.6.1.120.6.2

20.6.0.18.3 – 20.6.0.18.320.6.1

20.3.2.0.6 – 20.3.2.0.620.3.3

20.6.0.18.4 – 20.6.0.18.420.6.1

20.4.2.0.2 – 20.4.2.0.220.4.3

20.3.3.0.16 – 20.3.3.0.1620.3.4

20.3.4.0.5 – 20.3.4.0.520.3.5

20.6.1.0.1 – 20.6.1.0.120.6.2

20.3.4.0.6 – 20.3.4.0.620.3.5

20.6.2 – 20.6.220.6.3

20.7.1EFT2 – 20.7.1EFT220.7.2

20.3.4.0.9 – 20.3.4.0.920.3.5

20.3.4.0.11 – 20.3.4.0.1120.3.5

20.4.2.0.4 – 20.4.2.0.420.4.3

20.3.3.0.18 – 20.3.3.0.1820.3.4

20.7.1 – 20.7.120.7.2

20.6.2.1 – 20.6.2.120.6.3

20.3.4.1 – 20.3.4.120.3.5

20.5.1.1 – 20.5.1.120.5.2

20.4.2.1 – 20.4.2.120.4.3

20.4.2.1.1 – 20.4.2.1.120.4.3

20.3.4.1.1 – 20.3.4.1.120.3.5

20.3.813 – 20.3.81320.3.814

20.3.4.0.19 – 20.3.4.0.1920.3.5

20.4.2.2.1 – 20.4.2.2.120.4.3

20.5.1.2 – 20.5.1.220.5.2

20.3.4.2 – 20.3.4.220.3.5

20.3.814 – 20.3.81420.3.815

20.4.2.2 – 20.4.2.220.4.3

20.6.2.2 – 20.6.2.220.6.3

20.3.4.2.1 – 20.3.4.2.120.3.5

20.7.1.1 – 20.7.1.120.7.2

20.3.4.1.2 – 20.3.4.1.220.3.5

20.6.2.2.2 – 20.6.2.2.220.6.3

20.3.4.0.20 – 20.3.4.0.2020.3.5

20.6.2.2.3 – 20.6.2.2.320.6.3

20.4.2.2.2 – 20.4.2.2.220.4.3

20.3.5 – 20.3.520.3.6

20.6.2.0.4 – 20.6.2.0.420.6.3

20.4.2.2.3 – 20.4.2.2.320.4.3

20.3.4.0.24 – 20.3.4.0.2420.3.5

20.6.2.2.7 – 20.6.2.2.720.6.3

20.6.3 – 20.6.320.6.4

20.3.4.2.2 – 20.3.4.2.220.3.5

20.4.2.2.4 – 20.4.2.2.420.4.3

20.7.1.0.2 – 20.7.1.0.220.7.2

20.8.1 – 20.8.120.8.2

20.3.5.0.8 – 20.3.5.0.820.3.6

20.3.5.0.9 – 20.3.5.0.920.3.6

20.4.2.2.8 – 20.4.2.2.820.4.3

20.3.5.0.7 – 20.3.5.0.720.3.6

20.6.3.0.7 – 20.6.3.0.720.6.4

20.6.3.0.5 – 20.6.3.0.520.6.4

20.6.3.0.10 – 20.6.3.0.1020.6.4

20.6.3.0.2 – 20.6.3.0.220.6.4

20.7.2 – 20.7.220.7.3

20.9.1EFT2 – 20.9.1EFT220.9.2

20.6.3.0.11 – 20.6.3.0.1120.6.4

20.6.3.1 – 20.6.3.120.6.4

20.6.3.0.14 – 20.6.3.0.1420.6.4

20.6.4 – 20.6.420.6.5

20.9.1 – 20.9.120.9.2

20.6.3.0.19 – 20.6.3.0.1920.6.4

20.6.3.0.18 – 20.6.3.0.1820.6.4

20.3.6 – 20.3.620.3.7

20.9.1.1 – 20.9.1.120.9.2

20.6.3.0.23 – 20.6.3.0.2320.6.4

20.6.4.0.4 – 20.6.4.0.420.6.5

20.6.3.0.25 – 20.6.3.0.2520.6.4

20.6.5 – 20.6.520.6.6

20.6.3.0.27 – 20.6.3.0.2720.6.4

20.9.2 – 20.9.220.9.3

20.9.2.1 – 20.9.2.120.9.3

20.6.3.0.29 – 20.6.3.0.2920.6.4

20.6.3.0.31 – 20.6.3.0.3120.6.4

20.6.3.0.32 – 20.6.3.0.3220.6.4

20.10.1 – 20.10.120.10.2

20.6.3.0.33 – 20.6.3.0.3320.6.4

20.9.2.0.01 – 20.9.2.0.0120.9.3

20.9.1_LI_Images – 20.9.1_LI_Images20.9.2

20.10.1_LI_Images – 20.10.1_LI_Images20.10.2

20.9.2_LI_Images – 20.9.2_LI_Images20.9.3

20.3.7 – 20.3.720.3.8

20.9.3 – 20.9.320.9.4

20.6.5.1 – 20.6.5.120.6.6

20.11.1 – 20.11.120.11.2

20.11.1_LI_Images – 20.11.1_LI_Images20.11.2

20.9.3_LI_ Images – 20.9.3_LI_ Images20.9.4

20.6.3.1.1 – 20.6.3.1.120.6.4

20.9.3.0.2 – 20.9.3.0.220.9.4

20.6.5.1.2 – 20.6.5.1.220.6.6

20.9.3.0.3 – 20.9.3.0.320.9.4

20.4.2.3 – 20.4.2.320.4.3

20.6.3.2 – 20.6.3.220.6.4

20.6.4.1 – 20.6.4.120.6.5

20.6.3.0.38 – 20.6.3.0.3820.6.4

20.6.3.0.39 – 20.6.3.0.3920.6.4

20.3.5.1 – 20.3.5.120.3.6

20.3.4.3 – 20.3.4.320.3.5

20.9.3.1 – 20.9.3.120.9.4

20.3.3.2 – 20.3.3.220.3.4

20.6.5.2 – 20.6.5.220.6.6

20.3.7.1 – 20.3.7.120.3.8

20.10.1.1 – 20.10.1.120.10.2

20.6.5.2.1 – 20.6.5.2.120.6.6

20.3.4.0.25 – 20.3.4.0.2520.3.5

20.6.2.2.4 – 20.6.2.2.420.6.3

20.6.1.2 – 20.6.1.220.6.2

20.11.1.1 – 20.11.1.120.11.2

20.9.3.0.5 – 20.9.3.0.520.9.4

20.3.4.0.26 – 20.3.4.0.2620.3.5

20.6.5.1.3 – 20.6.5.1.320.6.6

20.6.3.0.40 – 20.6.3.0.4020.6.4

20.1.3.1 – 20.1.3.120.1.4

20.9.2.2 – 20.9.2.220.9.3

20.6.5.2.3 – 20.6.5.2.320.6.6

20.6.5.1.4 – 20.6.5.1.420.6.6

20.6.5.3 – 20.6.5.320.6.6

20.6.3.0.41 – 20.6.3.0.4120.6.4

20.9.3.0.7 – 20.9.3.0.720.9.4

20.6.5.1.5 – 20.6.5.1.520.6.6

20.9.3.0.4 – 20.9.3.0.420.9.4

20.6.4.0.19 – 20.6.4.0.1920.6.5

20.6.5.1.6 – 20.6.5.1.620.6.6

20.9.3.0.8 – 20.9.3.0.820.9.4

20.6.3.3 – 20.6.3.320.6.4

20.3.7.2 – 20.3.7.220.3.8

20.6.5.4 – 20.6.5.420.6.6

20.6.5.1.7 – 20.6.5.1.720.6.6

20.9.3.0.12 – 20.9.3.0.1220.9.4

20.6.4.2 – 20.6.4.220.6.5

20.6.5.5 – 20.6.5.520.6.6

20.9.3.2 – 20.9.3.220.9.4

20.11.1.2 – 20.11.1.220.11.2

20.6.3.4 – 20.6.3.420.6.4

20.10.1.2 – 20.10.1.220.10.2

20.6.5.1.9 – 20.6.5.1.920.6.6

20.9.3.0.16 – 20.9.3.0.1620.9.4

20.6.3.0.45 – 20.6.3.0.4520.6.4

20.6.5.1.10 – 20.6.5.1.1020.6.6

20.9.3.0.17 – 20.9.3.0.1720.9.4

20.6.5.2.4 – 20.6.5.2.420.6.6

20.6.4.0.21 – 20.6.4.0.2120.6.5

20.9.3.0.18 – 20.9.3.0.1820.9.4

20.6.3.0.46 – 20.6.3.0.4620.6.4

20.6.3.0.47 – 20.6.3.0.4720.6.4

20.9.2.3 – 20.9.2.320.9.3

20.9.3.2_LI_Images – 20.9.3.2_LI_Images20.9.4

20.9.3.0.21 – 20.9.3.0.2120.9.4

20.9.3.0.20 – 20.9.3.0.2020.9.4

20.9.4_LI_Images – 20.9.4_LI_Images20.9.5

20.9.4 – 20.9.420.9.5

20.6.5.1.11 – 20.6.5.1.1120.6.6

20.12.1 – 20.12.120.12.2

20.12.1_LI_Images – 20.12.1_LI_Images20.12.2

20.6.5.1.13 – 20.6.5.1.1320.6.6

20.9.3.0.23 – 20.9.3.0.2320.9.4

20.6.5.2.8 – 20.6.5.2.820.6.6

20.9.4.1 – 20.9.4.120.9.5

20.9.4.1_LI_Images – 20.9.4.1_LI_Images20.9.5

20.9.3.0.25 – 20.9.3.0.2520.9.4

20.9.3.0.24 – 20.9.3.0.2420.9.4

20.6.5.1.14 – 20.6.5.1.1420.6.6

20.3.8 – 20.3.820.3.9

20.6.6 – 20.6.620.6.7

20.9.3.0.26 – 20.9.3.0.2620.9.4

20.6.3.0.51 – 20.6.3.0.5120.6.4

20.9.3.0.29 – 20.9.3.0.2920.9.4

20.12.2 – 20.12.220.12.3

20.12.2_LI_Images – 20.12.2_LI_Images20.12.3

20.6.6.0.1 – 20.6.6.0.120.6.7

20.13.1_LI_Images – 20.13.1_LI_Images20.13.2

20.9.4.0.4 – 20.9.4.0.420.9.5

20.13.1 – 20.13.120.13.2

20.9.4.1.1 – 20.9.4.1.120.9.5

20.9.5 – 20.9.520.9.6

20.9.5_LI_Images – 20.9.5_LI_Images20.9.6

20.12.3_LI_Images – 20.12.3_LI_Images20.12.4

20.12.3 – 20.12.320.12.4

20.9.4.1.3 – 20.9.4.1.320.9.5

20.6.7 – 20.6.720.6.8

20.9.5.1 – 20.9.5.120.9.6

20.9.5.1_LI_Images – 20.9.5.1_LI_Images20.9.6

20.9.4.1.6 – 20.9.4.1.620.9.5

20.14.1 – 20.14.120.14.2

20.14.1_LI_Images – 20.14.1_LI_Images20.14.2

20.9.5.2 – 20.9.5.220.9.6

20.9.5.2.1 – 20.9.5.2.120.9.6

20.9.5.2_LI_Images – 20.9.5.2_LI_Images20.9.6

20.12.3.1 – 20.12.3.120.12.4

20.12.4 – 20.12.420.12.5

20.15.1_LI_Images – 20.15.1_LI_Images20.15.2

20.15.1 – 20.15.120.15.2

20.9.5.1.4 – 20.9.5.1.420.9.6

20.9.5.2.7 – 20.9.5.2.720.9.6

20.9.5.2.13 – 20.9.5.2.1320.9.6

20.9.6 – 20.9.620.9.7

20.9.6_LI_Images – 20.9.6_LI_Images20.9.7

20.9.5.2.14 – 20.9.5.2.1420.9.6

20.6.8 – 20.6.820.6.9

20.12.4.0.03 – 20.12.4.0.0320.12.5

20.16.1 – 20.16.120.16.2

20.16.1_LI_Images – 20.16.1_LI_Images20.16.2

20.12.4_LI_Images – 20.12.4_LI_Images20.12.5

20.9.5.2.16 – 20.9.5.2.1620.9.6

20.12.4.0.4 – 20.12.4.0.420.12.5

20.12.401 – 20.12.40120.12.402

20.9.5.3 – 20.9.5.320.9.6

20.9.5.3_LI_Images – 20.9.5.3_LI_Images20.9.6

20.12.4.1_LI_Images – 20.12.4.1_LI_Images20.12.5

20.12.4.1 – 20.12.4.120.12.5

20.9.5.2.21 – 20.9.5.2.2120.9.6

20.9.6.0.3 – 20.9.6.0.320.9.7

20.12.4.0.6 – 20.12.4.0.620.12.5

20.15.2_LI_Images – 20.15.2_LI_Images20.15.3

20.15.2 – 20.15.220.15.3

20.12.4_Monthly_ES5 – 20.12.4_Monthly_ES520.12.5

20.12.5 – 20.12.520.12.6

20.12.5_LI_Images – 20.12.5_LI_Images20.12.6

20.9.7_LI _Images – 20.9.7_LI _Images20.9.8

20.9.7 – 20.9.720.9.8

20.15.3 – 20.15.320.15.4

20.15.3_ LI _Images – 20.15.3_ LI _Images20.15.4

20.12.501 – 20.12.50120.12.502

20.12.5.1_LI_Images – 20.12.5.1_LI_Images20.12.6

20.12.5.1 – 20.12.5.120.12.6

20.12.5.2_LI_Images – 20.12.5.2_LI_Images20.12.6

20.12.5.2 – 20.12.5.220.12.6

20.15.3.1 – 20.15.3.120.15.4

20.15.4_LI_Images – 20.15.4_LI_Images20.15.5

20.15.4 – 20.15.420.15.5

20.9.7.1_LI _Images – 20.9.7.1_LI _Images20.9.8

20.9.7.1 – 20.9.7.120.9.8

20.18.1 – 20.18.120.18.2

20.18.1_LI_Images – 20.18.1_LI_Images20.18.2

20.12.6_LI_Images – 20.12.6_LI_Images20.12.7

20.12.6 – 20.12.620.12.7

20.12.5.1.01 – 20.12.5.1.0120.12.6

20.9.8 – 20.9.820.9.9

20.9.8_LI_Images – 20.9.8_LI_Images20.9.9

20.18.2 – 20.18.220.18.3

20.15.4.1_LI_Images – 20.15.4.1_LI_Images20.15.5

20.15.4.1 – 20.15.4.120.15.5

20.18.2_LI_Images – 20.18.2_LI_Images20.18.3

Vulnerabilidad de Omisión de Autenticación en Cisco Catalyst SD-WAN

Impacto y Escenarios de Ataque

Contexto de Explotación

Quién Está en Riesgotraduciendo…

Pasos de Deteccióntraduciendo…

Cronología del Ataque

Inteligencia de Amenazas

Software Afectado

Clasificación de Debilidad (CWE)

Cronología

Mitigación y Workarounds

Cómo corregirlo

Boletín de seguridad CVE

Preguntas frecuentestraduciendo…

What is CVE-2026-20129 — Authentication Bypass in Cisco Catalyst SD-WAN Manager?

Am I affected by CVE-2026-20129 in Cisco Catalyst SD-WAN Manager?

How do I fix CVE-2026-20129 in Cisco Catalyst SD-WAN Manager?

Is CVE-2026-20129 being actively exploited?

Where can I find the official Cisco advisory for CVE-2026-20129?

¿Tu proyecto está afectado?