CVE-2026-20210 MEDIUM

CVE-2026-20210: Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability

Vendor Cisco
Product Cisco Catalyst SD-WAN Manager
Weakness CWE-779
Published May 14, 2026
Last update May 15, 2026

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system. This vulnerability exists because of a failure to redact sensitive information within device configurations and templates. An attacker could exploit this vulnerability by elevating their read-only permissions to those of a high-privileged user. A successful exploit could allow the attacker to access or modify configuration settings within Cisco Catalyst SD-WAN Manager as a high-privileged user.

Key dates

02Disclosure timeline

May 14, 2026 CVE published
May 15, 2026 Record updated