CVE-2026-20224
Cisco · Catalyst SD-WAN Manager
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager allows unauthenticated remote attackers to read arbitrary files via improper input validation.
Executive summary
A critical file read vulnerability in Cisco Catalyst SD-WAN Manager allows unauthenticated attackers to access sensitive system files, posing a significant data exposure risk.
Vulnerability
This is an Improper Input Validation vulnerability (CWE-20) that manifests in the web UI. It allows an unauthenticated remote attacker to perform arbitrary file reads, facilitating the disclosure of sensitive configuration data or system credentials.
Business impact
With a CVSS score of 8.6, this vulnerability is highly critical due to the unauthenticated nature of the attack. Unauthorized access to system files can lead to the exposure of cryptographic keys, configuration files, and other sensitive information, potentially enabling full system compromise.
Remediation
Immediate Action: Apply the security updates provided in the Cisco security advisory immediately to remediate the vulnerable web UI components.
Proactive Monitoring: Monitor web server logs for requests containing directory traversal sequences or attempts to access known system configuration file paths.
Compensating Controls: If immediate patching is not possible, place the management interface behind a robust firewall or VPN and restrict access to authorized management subnets only.
Exploitation status
Public Exploit Available: Yes (GitHub PoC repository exists).
Analyst recommendation
The presence of a public proof-of-concept combined with the unauthenticated nature of this vulnerability makes it a high-priority risk. Organizations must treat this as an emergency patching requirement and ensure all affected Catalyst SD-WAN Manager instances are updated without delay.