← ExploitWatch
HomeExploited Vulnerabilities

CVE-2026-20128 — Actively Exploited: Catalyst SD-WAN Manager (Cisco)

Cisco Catalyst SD-WAN Manager contains a storing passwords in a recoverable format vulnerability that allows an authenticated, local attacker to gain DCA user privileges by accessing a credential file for the DCA user on the filesystem as a low-privileged user.

CVE IDCVE-2026-20128
VendorCisco
ProductCatalyst SD-WAN Manager
Vulnerability nameCisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability
Date added2026-04-20
Remediation due2026-04-23
Known ransomware useUnknown
Required actionPlease adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicab
DescriptionCisco Catalyst SD-WAN Manager contains a storing passwords in a recoverable format vulnerability that allows an authenticated, local attacker to gain DCA user privileges by accessing a credential file for the DCA user on the filesystem as a low-privileged user.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →