Cisco Confirms Active Exploitation of Catalyst SD-WAN Manager Vulnerabilities

Cisco confirmed active exploitation of two vulnerabilities in Catalyst SD-WAN Manager (previously known as SD-WAN vManage). The flaws include CVE-2026-20122 (CVSS score: 7.1), an arbitrary file overwrite vulnerability allowing authenticated remote attackers to overwrite files on the local filesystem. No specific dates for exploitation or patch releases were provided in the disclosure. The vulnerabilities affect the Catalyst SD-WAN Manager product line, with exploitation occurring in the wild. Cisco has not disclosed additional technical details about the attack vectors or impacted versions beyond the CVE identifiers.