Cisco Warns of Active Exploitation Targeting Catalyst SD-WAN Manager Vulnerabilities; Urges Immediate Firmware Upgrades
Cisco warns that CVE-2026-20128 and CVE-2026-20122 are being exploited in the wild. Administrators are urged to patch Catalyst SD-WAN Manager immediately.
By: AXL Media
Published: Mar 5, 2026, 5:41 AM EST
Source: The information in this article was sourced from BleepingComputer
Escalation of Attacks Against Centralized Network Management
The threat landscape for enterprise networking has shifted as Cisco confirms that more vulnerabilities in its Catalyst SD-WAN Manager (formerly vManage) are being targeted in the wild. As of March 5, 2026, the Cisco Product Security Incident Response Team (PSIRT) observed active exploitation of high and medium-severity flaws. Because the Catalyst SD-WAN Manager acts as a centralized dashboard for up to 6,000 devices, a compromise at this level provides attackers with a high-leverage entry point into expansive corporate and government infrastructures.
Technical Breakdown of Exploited CVEs
The current wave of attacks specifically targets two distinct vulnerabilities:
CVE-2026-20122 (High Severity): An arbitrary file overwrite flaw that allows remote attackers with valid read-only credentials and API access to modify system files. This can lead to persistent access or service disruption.
CVE-2026-20128 (Medium Severity): An information disclosure vulnerability that enables local attackers with valid vManage credentials to access sensitive system data.
Categories
Topics
Related Coverage
- "Scam Altman": Elon Musk Accusations Open Blockbuster OpenAI Trial
- Uber Unveils "Everything App" Strategy: Hotels, Personal Shoppers, and Potential Flights
- Bauchi Governor Bala Mohammed Signals Potential Shift to APM Following Collapse of APC and ADC Talks
- Zimbabwe Investment Realization Plummets to 3% as Investors Withhold Billions Over Structural Instability