CVE-2026-20126 – Cisco Catalyst SD-WAN and ThousandEyes Multiple Vulnerabilities
“Cisco SD-WAN and monitoring systems exposed critical trust gaps — including a zero-day authentication bypass and high-risk privilege escalation that can hand over full network control.”
The most severe issue, CVE-2026-20127, carries a CVSS v3 score of 10.0 (Critical). This authentication bypass vulnerability has been exploited in real-world zero-day attacks. An unauthenticated remote attacker could gain full administrative control of affected controllers, inject rogue devices, and manipulate WAN traffic. This level of compromise puts entire enterprise networks at immediate risk.
CVE-2026-20126 is rated CVSS v3 8.8 (High). This vulnerability allows remote exploitation that could lead to significant system compromise, depending on deployment exposure.
CVE-2026-20122 carries a CVSS v3 score of 7.8 (High) and allows an authenticated local attacker to escalate privileges to root through crafted administrative input, resulting in full device takeover.
CVE-2026-20128 is rated CVSS v3 7.5 (High) and covers additional security weaknesses within SD-WAN components that could be leveraged to disrupt or compromise services.
The patches for these vulnerabilities strengthen authentication controls, enforce stricter privilege boundaries, and harden SD-WAN management interfaces against remote and local abuse.
Key Details
- Affected Product: Cisco Catalyst SD-WAN Manager
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- CWE Classification: CWE-648