プラットフォーム
cisco
コンポーネント
cisco-catalyst-sd-wan-manager
修正版
20.18
20.18
18.4.5
20.18
20.1.2
20.1.2
20.18
20.18
20.18
18.3.8
19.2.1
18.3.9
19.0.1
19.1.1
18.4.303
18.4.304
17.2.11
18.3.7
19.0.2
18.2.1
18.4.4
18.4.2
17.2.9
18.3.4
18.4.1
18.3.2
17.2.7
17.2.10
18.3.5
17.2.6
18.3.2
18.3.6
18.4.1
18.3.4
17.2.8
17.2.5
18.3.1
19.2.4
18.4.502
20.3.2
20.1.3
19.2.930
19.2.32
20.3.3
19.2.33
20.3.3
20.3.3
20.3.3
18.4.7
20.1.3
20.4.2
20.3.3
20.3.3
20.4.2
20.3.3
19.2.5
20.5.1
20.4.2
20.3.4
19.2.5
20.3.3
20.3.4
20.5.2
20.1.4
20.3.4
20.3.4
20.3.4
20.4.2
20.3.4
20.4.2
20.4.2
20.4.2
20.3.4
20.3.4
20.5.2
20.3.4
20.3.4
20.4.3
20.4.3
20.3.5
20.3.4
19.2.5
19.2.5
20.3.5
20.3.3
20.6.2
20.5.2
20.3.4
20.6.2
20.6.1
20.3.3
20.6.1
20.4.3
20.3.4
20.3.5
20.6.2
20.3.5
20.6.3
20.7.2
20.3.5
20.3.5
20.4.3
20.3.4
20.7.2
20.6.3
20.3.5
20.5.2
20.4.3
20.4.3
20.3.5
20.3.814
20.3.5
20.4.3
20.5.2
20.3.5
20.3.815
20.4.3
20.6.3
20.3.5
20.7.2
20.3.5
20.6.3
20.3.5
20.6.3
20.4.3
20.3.6
20.6.3
20.4.3
20.3.5
20.6.3
20.6.4
20.3.5
20.4.3
20.7.2
20.8.2
20.3.6
20.3.6
20.4.3
20.3.6
20.6.4
20.6.4
20.6.4
20.6.4
20.7.3
20.9.2
20.6.4
20.6.4
20.6.4
20.6.5
20.9.2
20.6.4
20.6.4
20.3.7
20.9.2
20.6.4
20.6.5
20.6.4
20.6.6
20.6.4
20.9.3
20.9.3
20.6.4
20.6.4
20.6.4
20.10.2
20.6.4
20.9.3
20.9.2
20.10.2
20.9.3
20.3.8
20.9.4
20.6.6
20.11.2
20.11.2
20.9.4
20.6.4
20.9.4
20.6.6
20.9.4
20.4.3
20.6.4
20.6.5
20.6.4
20.6.4
20.3.6
20.3.5
20.9.4
20.3.4
20.6.6
20.3.8
20.10.2
20.6.6
20.3.5
20.6.3
20.6.2
20.11.2
20.9.4
20.3.5
20.6.6
20.6.4
20.1.4
20.9.3
20.6.6
20.6.6
20.6.6
20.6.4
20.9.4
20.6.6
20.9.4
20.6.5
20.6.6
20.9.4
20.6.4
20.3.8
20.6.6
20.6.6
20.9.4
20.6.5
20.6.6
20.9.4
20.11.2
20.6.4
20.10.2
20.6.6
20.9.4
20.6.4
20.6.6
20.9.4
20.6.6
20.6.5
20.9.4
20.6.4
20.6.4
20.9.3
20.9.4
20.9.4
20.9.4
20.9.5
20.9.5
20.6.6
20.12.2
20.12.2
20.6.6
20.9.4
20.6.6
20.9.5
20.9.5
20.9.4
20.9.4
20.6.6
20.3.9
20.6.7
20.9.4
20.6.4
20.9.4
20.12.3
20.12.3
20.6.7
20.13.2
20.9.5
20.13.2
20.9.5
20.9.6
20.9.6
20.12.4
20.12.4
20.9.5
20.6.8
20.9.6
20.9.6
20.9.5
20.14.2
20.14.2
20.9.6
20.9.6
20.9.6
20.12.4
20.12.5
20.15.2
20.15.2
20.9.6
20.9.6
20.9.6
20.9.7
20.9.7
20.9.6
20.6.9
20.12.5
20.16.2
20.16.2
20.12.5
20.9.6
20.12.5
20.12.402
20.9.6
20.9.6
20.12.5
20.12.5
20.9.6
20.9.7
20.12.5
20.15.3
20.15.3
20.12.5
20.12.6
20.12.6
20.9.8
20.9.8
20.15.4
20.15.4
20.12.502
20.12.6
20.12.6
20.12.6
20.12.6
20.15.4
20.15.5
20.15.5
20.9.8
20.9.8
20.18.2
20.18.2
20.12.7
20.12.7
20.12.6
20.9.9
20.9.9
20.18.3
20.15.5
20.15.5
20.18.3
CVE-2026-20129 describes an authentication bypass vulnerability within the API user authentication process of Cisco Catalyst SD-WAN Manager. Successful exploitation allows an unauthenticated, remote attacker to gain access to the system with the privileges of a netadmin role, enabling unauthorized command execution. This vulnerability affects versions of Cisco Catalyst SD-WAN Manager up to and including 20.18.2LIImages. A fix is available in version 20.18.
The impact of CVE-2026-20129 is severe. An attacker exploiting this vulnerability can effectively impersonate a netadmin user, granting them full administrative control over the affected Cisco Catalyst SD-WAN Manager instance. This includes the ability to modify configurations, access sensitive data, and potentially disrupt network operations. The lack of authentication required for exploitation significantly lowers the barrier to entry for attackers, increasing the likelihood of exploitation. The ability to execute commands with netadmin privileges provides a broad attack surface, allowing for extensive compromise of the system and potentially the wider network it manages. This vulnerability shares similarities with other API authentication bypasses where improper validation allows unauthorized access.
CVE-2026-20129 was publicly disclosed on February 25, 2026. The vulnerability is considered critical due to the ease of exploitation and the potential impact. There is no indication of this vulnerability being actively exploited at this time. The vulnerability has not been added to the CISA KEV catalog. Public proof-of-concept exploits are currently unavailable, but the simplicity of the bypass suggests they are likely to emerge.
Organizations heavily reliant on Cisco Catalyst SD-WAN Manager for network management and routing are particularly at risk. Environments with exposed APIs or weak network segmentation are also more vulnerable. Those using older, unpatched versions of the software (≤20.18.2LIImages) are directly affected and should prioritize patching.
• linux / server:
journalctl -u cisco-sdwan-manager -g "authentication bypass"• generic web:
curl -I <sdwan_manager_api_endpoint> -H 'Authorization:' | grep -q '200 OK'• cisco / network:
show running-config | include api-userdisclosure
エクスプロイト状況
EPSS
0.16% (36% パーセンタイル)
CISA SSVC
CVSS ベクトル
The primary mitigation for CVE-2026-20129 is to upgrade Cisco Catalyst SD-WAN Manager to version 20.18 or later. If immediate upgrade is not feasible, consider implementing strict network segmentation to limit external access to the SD-WAN Manager API. Review and restrict API access controls, ensuring only authorized users and systems can interact with the API. While a WAF or proxy cannot directly prevent the authentication bypass, it can be configured to monitor for suspicious API requests and potentially block them based on known attack patterns. Monitor API logs for unusual activity or unauthorized access attempts. After upgrading, verify the fix by attempting to access the API without proper authentication and confirming that access is denied.
Cisco Catalyst SD-WAN Manager をバージョン 20.18 以降にアップデートしてください。このアップデートにより、API の認証バイパスの脆弱性が修正され、認証されていないリモート攻撃者がネットワーク管理者権限でシステムにアクセスすることを防止します。
脆弱性分析と重要アラートをメールでお届けします。
CVE-2026-20129 is a critical vulnerability allowing unauthenticated attackers to gain netadmin access to Cisco Catalyst SD-WAN Manager through an API authentication bypass.
You are affected if you are using Cisco Catalyst SD-WAN Manager versions 20.18.2LIImages or earlier. Versions 20.18 and later are not affected.
Upgrade to Cisco Catalyst SD-WAN Manager version 20.18 or later to resolve the vulnerability. Consider network segmentation as a temporary mitigation.
There is currently no evidence of active exploitation, but the ease of exploitation suggests it may become a target.
Refer to the official Cisco Security Advisory for detailed information and mitigation steps: [https://sec.cisco.com/ciscoSecurity/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-manager-auth-bypass-20260225]
依存関係ファイルをアップロードすれば、このCVEや他のCVEがあなたに影響するか即座にわかります。