Cisco Catalyst SD-WAN Vulnerabilities
Summary
Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an attacker to access an affected system, elevate privileges to root, gain access to sensitive information, and overwrite arbitrary files. For more information about these vulnerabilities, see the Details section of this advisory.
CISA Known Exploited Vulnerability
- Listed:
- Apr 20, 2026 · federal remediation due Apr 23, 2026
- Required action:
- Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
- Ransomware use:
- Unknown
KEV is a prioritization signal from CISA — remediation detail still comes from the vendor advisory.
- Scope: These vulnerabilities affect Cisco Catalyst SD-WAN Manager, regardless of device configuration.
- Earlier than 20.91 — Migrate to a fixed release
- Release 20.9 (first fixed: 20.9.8.2)
- Release 20.10 (first fixed: 20.12.6.1)
- Release 20.111 (first fixed: 20.12.6.1)
- Release 20.12 (first fixed: 20.12.5.3)
- Release 20.12.6.1 (first fixed: 20.131)
- Release 20.15.4.2 (first fixed: 20.141)
- Release 20.15.4.2 (first fixed: 20.15)
- Release 20.15.4.2 (first fixed: 20.161)
- Release 20.18.2.1 (first fixed: 20.18)
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
- 20.9.8.2
- 20.12.6.1
- 20.12.5.3
- 20.131
- 20.141
- 20.15
- 20.161
- 20.18
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Earlier than 20.91: migrate to a fixed release.
- Release 20.9: upgrade to 20.9.8.2.
- Release 20.10: upgrade to 20.12.6.1.
- Release 20.111: upgrade to 20.12.6.1.
- Release 20.12: upgrade to 20.12.5.3.
- Release 20.12.6.1: upgrade to 20.131.
- Release 20.15.4.2: upgrade to 20.141.
- Release 20.15.4.2: upgrade to 20.15.
- There are no workarounds that address these vulnerabilities. Cisco strongly recommends that customers upgrade to the fixed software indicated in this advisory.
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.