CVE-2026-20128

high

Cisco ⚠️ CISA KEV — Exploited in the Wild

CVSS v3 Base Score

7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Score

0.1%

Exploitation probability in 30 days

Top 81% most likely to be exploited

Attack Characteristics

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

None

Confidentiality

High

Integrity

High

Availability

High

Published: February 25, 2026 (77 days ago)

Last Modified: April 21, 2026

Vendor: Cisco

Source: NVD

⚠️ CISA Known Exploited Vulnerability

Added to KEV: 2026-04-20

Remediation Due: 2026-04-23 (⚠ 21d overdue)

Description

A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges. Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.

CWE

CWE-257

Affected Products

cisco catalyst sd-wan manager

References

🔗 sec.cloudapps.cisco.com 🔗 www.cisa.gov

CVE-2026-20128

⚠️ CISA Known Exploited Vulnerability

Vulnerability Report

Description

CWE

Affected Products

References