CVE-2026-20122 is a critical arbitrary file overwrite vulnerability in Cisco Catalyst SD-WAN Manager's API that allows authenticated attackers to gain elevated privileges. This vulnerability is actively exploited in the wild and listed in CISA's KEV catalog.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: DIRECT_NETWORK
CVE Published: 2026-02-25
Added to CISA KEV: 2026-04-20 54 DAYS BETWEEN CVE AND KEV
This vulnerability is due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by ...
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2023-20122 Detail. Modified.Description. Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.How to use the KEV ...
A list of Known Exploited Vulnerabilities.