High8.6Cisco Updated
Cisco Catalyst SD-WAN Manager Vulnerabilities
cisco-sa-sdwan-mltvnps2-JxpWm7R Published May 14, 2026Updated by vendor May 14, 2026
CVE-2026-20209CVE-2026-20210CVE-2026-20224
Affected products & platforms
CiscoSD-WANCatalyst SD-WANvManage
Summary
Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow a remote attacker to gain access to sensitive information, elevate privileges, or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory.
Affected versions
- Scope: These vulnerabilities affect Cisco Catalyst SD-WAN Manager, regardless of device configuration.
- Earlier than 20.91 — Migrate to a fixed release
- Release 20.9 (first fixed: 20.9.9.1)
- Release 20.10 (first fixed: 20.12.7.1)
- Release 20.111 (first fixed: 20.12.7.1)
- Release 20.12 (first fixed: 20.12.5.4)
- Release 20.12.6.2 (first fixed: 20.12.7.1)
- Release 20.131 (first fixed: 20.15.5.2)
- Release 20.141 (first fixed: 20.15.5.2)
- Release 20.15 (first fixed: 20.15.4.4)
- Release 20.15.5.2 (first fixed: 20.161)
- Release 20.18.2.2 (first fixed: 20.18)
- Release 20.18.2.2 (first fixed: 26.1)
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Fixed versions
- 20.9.9.1
- 20.12.7.1
- 20.12.5.4
- 20.15.5.2
- 20.15.4.4
- 20.161
- 20.18
- 26.1
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Earlier than 20.91: migrate to a fixed release.
- Release 20.9: upgrade to 20.9.9.1.
- Release 20.10: upgrade to 20.12.7.1.
- Release 20.111: upgrade to 20.12.7.1.
- Release 20.12: upgrade to 20.12.5.4.
- Release 20.12.6.2: upgrade to 20.12.7.1.
- Release 20.131: upgrade to 20.15.5.2.
- Release 20.141: upgrade to 20.15.5.2.
Temporary workarounds
- There are no workarounds that address these vulnerabilities.
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.