Summary

Cisco has confirmed active exploitation of two vulnerabilities in Catalyst SD-WAN Manager, formerly known as SD-WAN vManage. These vulnerabilities pose significant security risks to affected systems.

Key Points

• Cisco disclosed active exploitation of two vulnerabilities in Catalyst SD-WAN Manager.
• The vulnerabilities include CVE-2026-20122, which has a CVSS score of 7.1.
• CVE-2026-20122 is an arbitrary file overwrite vulnerability.
• The flaw allows an authenticated, remote attacker to overwrite arbitrary files on the local file system.
• The vulnerabilities are being actively exploited in the wild, increasing the urgency for remediation.

Analysis

The active exploitation of these vulnerabilities in Cisco's Catalyst SD-WAN Manager highlights the critical need for organizations to promptly address security flaws in their network management systems. Given the CVSS score of 7.1, the vulnerabilities are considered high severity, posing a significant risk to the integrity and security of affected systems. Organizations using this software should prioritize patching and implementing security measures to mitigate potential threats.

Conclusion

IT professionals should immediately assess their exposure to these vulnerabilities and apply any available patches or mitigations. Continuous monitoring and timely updates are essential to safeguard against potential exploitation.