Search criteria
6378 vulnerabilities
CVE-2026-20238 (GCVE-0-2026-20238)
Vulnerability from cvelistv5 – Published: 2026-05-20 16:32 – Updated: 2026-05-20 17:48
VLAI
Title
Improper Access Control through Role Inheritance in Splunk AI Toolkit app
Summary
In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data that was restricted through `srchFilter` configurations on custom roles.<br><br>The app contains an `authorize.conf` configuration file with a `srchFilter` entry that modifies the built-in ‘user’ role. Because the Splunk platform combines inherited search filters with the `OR` SPL operator, the injected filter overrides more restrictive filters on child roles.
Severity
6.5 (Medium)
CWE
- CWE-863 - The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Splunk | Splunk AI Toolkit |
Affected:
5.7 , < 5.7.3
(custom)
|
Date Public
2026-05-20 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20238",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-20T17:48:33.784566Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T17:48:46.704Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk AI Toolkit",
"vendor": "Splunk",
"versions": [
{
"lessThan": "5.7.3",
"status": "affected",
"version": "5.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Martin Muller, Splunk"
}
],
"datePublic": "2026-05-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the \u0027admin\u0027 or \u0027power\u0027 roles could access confidential data that was restricted through `srchFilter` configurations on custom roles.\u003cbr\u003e\u003cbr\u003eThe app contains an `authorize.conf` configuration file with a `srchFilter` entry that modifies the built-in \u2018user\u2019 role. Because the Splunk platform combines inherited search filters with the `OR` SPL operator, the injected filter overrides more restrictive filters on child roles."
}
],
"value": "In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the \u0027admin\u0027 or \u0027power\u0027 roles could access confidential data that was restricted through `srchFilter` configurations on custom roles.\u003cbr\u003e\u003cbr\u003eThe app contains an `authorize.conf` configuration file with a `srchFilter` entry that modifies the built-in \u2018user\u2019 role. Because the Splunk platform combines inherited search filters with the `OR` SPL operator, the injected filter overrides more restrictive filters on child roles."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T16:32:19.740Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2026-0502"
}
],
"source": {
"advisory": "SVD-2026-0502"
},
"title": "Improper Access Control through Role Inheritance in Splunk AI Toolkit app"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20238",
"datePublished": "2026-05-20T16:32:19.740Z",
"dateReserved": "2025-10-08T11:59:15.400Z",
"dateUpdated": "2026-05-20T17:48:46.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20239 (GCVE-0-2026-20239)
Vulnerability from cvelistv5 – Published: 2026-05-20 16:32 – Updated: 2026-05-21 03:55
VLAI
Title
Sensitive Information Disclosure through Log Files in Splunk Enterprise
Summary
In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the `_internal` index could view session cookies and response bodies that contain sensitive data.
Severity
7.5 (High)
CWE
- CWE-532 - Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Splunk | Splunk Enterprise |
Affected:
10.2 , < 10.2.2
(custom)
Affected: 10.0 , < 10.0.5 (custom) |
|
| Splunk | Splunk Cloud Platform |
Affected:
10.3.2512 , < 10.3.2512.8
(custom)
Affected: 10.2.2510 , < 10.2.2510.11 (custom) Affected: 10.1.2507 , < 10.1.2507.21 (custom) Affected: 10.0.2503 , < 10.0.2503.13 (custom) |
Date Public
2026-05-20 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20239",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-20T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T03:55:38.324Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.2.2",
"status": "affected",
"version": "10.2",
"versionType": "custom"
},
{
"lessThan": "10.0.5",
"status": "affected",
"version": "10.0",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.3.2512.8",
"status": "affected",
"version": "10.3.2512",
"versionType": "custom"
},
{
"lessThan": "10.2.2510.11",
"status": "affected",
"version": "10.2.2510",
"versionType": "custom"
},
{
"lessThan": "10.1.2507.21",
"status": "affected",
"version": "10.1.2507",
"versionType": "custom"
},
{
"lessThan": "10.0.2503.13",
"status": "affected",
"version": "10.0.2503",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Charlie Huggard, Splunk"
}
],
"datePublic": "2026-05-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the `_internal` index could view session cookies and response bodies that contain sensitive data."
}
],
"value": "In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the `_internal` index could view session cookies and response bodies that contain sensitive data."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T16:32:12.678Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2026-0503"
}
],
"source": {
"advisory": "SVD-2026-0503"
},
"title": "Sensitive Information Disclosure through Log Files in Splunk Enterprise"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20239",
"datePublished": "2026-05-20T16:32:12.678Z",
"dateReserved": "2025-10-08T11:59:15.400Z",
"dateUpdated": "2026-05-21T03:55:38.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20240 (GCVE-0-2026-20240)
Vulnerability from cvelistv5 – Published: 2026-05-20 16:32 – Updated: 2026-05-20 17:47
VLAI
Title
Denial of Service through coldToFrozen.sh Script in Splunk Enterprise
Summary
In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, a low-privileged user that does not hold the ‘admin’ or ‘power’ Splunk roles could cause a Denial of Service by exploiting the `coldToFrozen.sh` script in the `splunk_archiver` app to rename critical Splunk directories, making the instance non-functional.<br><br>The Denial of Service is possible because of missing input validation in the `coldToFrozen.sh` script, which accepts arbitrary file paths and renames them without restricting operations to safe directories.
Severity
7.1 (High)
CWE
- CWE-20 - The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Splunk | Splunk Enterprise |
Affected:
10.2 , < 10.2.2
(custom)
Affected: 10.0 , < 10.0.5 (custom) Affected: 9.4 , < 9.4.11 (custom) Affected: 9.3 , < 9.3.12 (custom) |
|
| Splunk | Splunk Cloud Platform |
Affected:
10.4.2603 , < 10.4.2603.1
(custom)
Affected: 10.3.2512 , < 10.3.2512.9 (custom) Affected: 10.2.2510 , < 10.2.2510.11 (custom) Affected: 10.1.2507 , < 10.1.2507.21 (custom) Affected: 10.0.2503 , < 10.0.2503.13 (custom) Affected: 9.3.2411 , < 9.3.2411.129 (custom) |
Date Public
2026-05-20 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20240",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-20T17:47:29.920729Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T17:47:46.372Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.2.2",
"status": "affected",
"version": "10.2",
"versionType": "custom"
},
{
"lessThan": "10.0.5",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThan": "9.4.11",
"status": "affected",
"version": "9.4",
"versionType": "custom"
},
{
"lessThan": "9.3.12",
"status": "affected",
"version": "9.3",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "10.4.2603.1",
"status": "affected",
"version": "10.4.2603",
"versionType": "custom"
},
{
"lessThan": "10.3.2512.9",
"status": "affected",
"version": "10.3.2512",
"versionType": "custom"
},
{
"lessThan": "10.2.2510.11",
"status": "affected",
"version": "10.2.2510",
"versionType": "custom"
},
{
"lessThan": "10.1.2507.21",
"status": "affected",
"version": "10.1.2507",
"versionType": "custom"
},
{
"lessThan": "10.0.2503.13",
"status": "affected",
"version": "10.0.2503",
"versionType": "custom"
},
{
"lessThan": "9.3.2411.129",
"status": "affected",
"version": "9.3.2411",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Alex Hordijk (hordalex)"
}
],
"datePublic": "2026-05-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, a low-privileged user that does not hold the \u2018admin\u2019 or \u2018power\u2019 Splunk roles could cause a Denial of Service by exploiting the `coldToFrozen.sh` script in the `splunk_archiver` app to rename critical Splunk directories, making the instance non-functional.\u003cbr\u003e\u003cbr\u003eThe Denial of Service is possible because of missing input validation in the `coldToFrozen.sh` script, which accepts arbitrary file paths and renames them without restricting operations to safe directories."
}
],
"value": "In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, a low-privileged user that does not hold the \u2018admin\u2019 or \u2018power\u2019 Splunk roles could cause a Denial of Service by exploiting the `coldToFrozen.sh` script in the `splunk_archiver` app to rename critical Splunk directories, making the instance non-functional.\u003cbr\u003e\u003cbr\u003eThe Denial of Service is possible because of missing input validation in the `coldToFrozen.sh` script, which accepts arbitrary file paths and renames them without restricting operations to safe directories."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T16:32:05.687Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2026-0504"
}
],
"source": {
"advisory": "SVD-2026-0504"
},
"title": "Denial of Service through coldToFrozen.sh Script in Splunk Enterprise"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20240",
"datePublished": "2026-05-20T16:32:05.687Z",
"dateReserved": "2025-10-08T11:59:15.400Z",
"dateUpdated": "2026-05-20T17:47:46.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20199 (GCVE-0-2026-20199)
Vulnerability from cvelistv5 – Published: 2026-05-20 16:15 – Updated: 2026-05-21 13:06
VLAI
Summary
A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote attacker to execute commands on the underlying operating system as the root user.
This vulnerability is due to insufficient validation of user-supplied input. An authenticated attacker could exploit this vulnerability by uploading a crafted certificate to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit this vulnerability, the attacker must have valid administrative credentials.
Severity
4.7 (Medium)
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco ThousandEyes Enterprise Agent |
Affected:
N/A
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20199",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-21T03:55:36.884567Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T13:06:11.066Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco ThousandEyes Enterprise Agent",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote attacker to execute commands on the underlying operating system as the root user.\r\n\r This vulnerability is due to insufficient validation of user-supplied input. An authenticated attacker could exploit this vulnerability by uploading a crafted certificate to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit this vulnerability, the attacker must have valid administrative credentials."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T16:15:18.647Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-tevacert-rce-RMJVEym5",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tevacert-rce-RMJVEym5"
}
],
"source": {
"advisory": "cisco-sa-tevacert-rce-RMJVEym5",
"defects": [
"CSCwt77059"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20199",
"datePublished": "2026-05-20T16:15:18.647Z",
"dateReserved": "2025-10-08T11:59:15.397Z",
"dateUpdated": "2026-05-21T13:06:11.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20171 (GCVE-0-2026-20171)
Vulnerability from cvelistv5 – Published: 2026-05-20 16:06 – Updated: 2026-05-20 18:31
VLAI
Title
Cisco Nexus 3000 and 9000 Series Border Gateway Protocol Denial of Service Vulnerability
Summary
A vulnerability in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to trigger BGP peer flaps, resulting in a denial of service (DoS) condition.
This vulnerability is due to incorrect parsing of a transitive BGP attribute. An attacker could exploit this vulnerability by sending a crafted BGP update through an established BGP peer session. If the update propagates to an affected device, it could cause the device to drop the BGP session and flap with the BGP peer that is forwarding this update, resulting in a DoS condition.
Severity
6.8 (Medium)
CWE
- CWE-670 - Always-Incorrect Control Flow Implementation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco NX-OS Software |
Affected:
10.2(1)
Affected: 10.2(1q) Affected: 10.2(2) Affected: 10.2(3) Affected: 10.2(3t) Affected: 10.2(2a) Affected: 10.3(1) Affected: 10.2(4) Affected: 10.3(2) Affected: 10.3(3) Affected: 10.2(5) Affected: 10.2(3v) Affected: 10.4(1) Affected: 10.3(99w) Affected: 10.2(6) Affected: 10.3(3w) Affected: 10.3(99x) Affected: 10.3(3o) Affected: 10.3(4) Affected: 10.3(3p) Affected: 10.3(4a) Affected: 10.4(2) Affected: 10.3(3q) Affected: 10.3(5) Affected: 10.2(7) Affected: 10.4(3) Affected: 10.3(3x) Affected: 10.3(4g) Affected: 10.5(1) Affected: 10.2(8) Affected: 10.3(3r) Affected: 10.3(6) Affected: 10.4(4) Affected: 10.3(4h) Affected: 10.5(2) Affected: 10.3(7) Affected: 10.4(5) Affected: 10.5(3) Affected: 10.2(9) Affected: 10.4(4g) Affected: 10.6(1) Affected: 10.5(3t) Affected: 10.3(8) Affected: 10.4(6) Affected: 10.5(3s) Affected: 10.5(3e) Affected: 10.5(3o) Affected: 10.6(1s) Affected: 10.5(3p) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20171",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-20T18:31:37.215391Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T18:31:44.204Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco NX-OS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.2(1)"
},
{
"status": "affected",
"version": "10.2(1q)"
},
{
"status": "affected",
"version": "10.2(2)"
},
{
"status": "affected",
"version": "10.2(3)"
},
{
"status": "affected",
"version": "10.2(3t)"
},
{
"status": "affected",
"version": "10.2(2a)"
},
{
"status": "affected",
"version": "10.3(1)"
},
{
"status": "affected",
"version": "10.2(4)"
},
{
"status": "affected",
"version": "10.3(2)"
},
{
"status": "affected",
"version": "10.3(3)"
},
{
"status": "affected",
"version": "10.2(5)"
},
{
"status": "affected",
"version": "10.2(3v)"
},
{
"status": "affected",
"version": "10.4(1)"
},
{
"status": "affected",
"version": "10.3(99w)"
},
{
"status": "affected",
"version": "10.2(6)"
},
{
"status": "affected",
"version": "10.3(3w)"
},
{
"status": "affected",
"version": "10.3(99x)"
},
{
"status": "affected",
"version": "10.3(3o)"
},
{
"status": "affected",
"version": "10.3(4)"
},
{
"status": "affected",
"version": "10.3(3p)"
},
{
"status": "affected",
"version": "10.3(4a)"
},
{
"status": "affected",
"version": "10.4(2)"
},
{
"status": "affected",
"version": "10.3(3q)"
},
{
"status": "affected",
"version": "10.3(5)"
},
{
"status": "affected",
"version": "10.2(7)"
},
{
"status": "affected",
"version": "10.4(3)"
},
{
"status": "affected",
"version": "10.3(3x)"
},
{
"status": "affected",
"version": "10.3(4g)"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "10.2(8)"
},
{
"status": "affected",
"version": "10.3(3r)"
},
{
"status": "affected",
"version": "10.3(6)"
},
{
"status": "affected",
"version": "10.4(4)"
},
{
"status": "affected",
"version": "10.3(4h)"
},
{
"status": "affected",
"version": "10.5(2)"
},
{
"status": "affected",
"version": "10.3(7)"
},
{
"status": "affected",
"version": "10.4(5)"
},
{
"status": "affected",
"version": "10.5(3)"
},
{
"status": "affected",
"version": "10.2(9)"
},
{
"status": "affected",
"version": "10.4(4g)"
},
{
"status": "affected",
"version": "10.6(1)"
},
{
"status": "affected",
"version": "10.5(3t)"
},
{
"status": "affected",
"version": "10.3(8)"
},
{
"status": "affected",
"version": "10.4(6)"
},
{
"status": "affected",
"version": "10.5(3s)"
},
{
"status": "affected",
"version": "10.5(3e)"
},
{
"status": "affected",
"version": "10.5(3o)"
},
{
"status": "affected",
"version": "10.6(1s)"
},
{
"status": "affected",
"version": "10.5(3p)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Border Gateway Protocol (BGP)\u0026nbsp;enforce-first-as feature of\u0026nbsp;Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to trigger BGP peer flaps, resulting in a denial of service (DoS) condition.\r\n\r\nThis vulnerability is due to incorrect parsing of a transitive BGP attribute. An attacker could exploit this vulnerability by sending a crafted BGP update through an established BGP peer session. If the update propagates to an affected device, it could cause the device to drop the BGP session and flap with the BGP peer that is forwarding this update, resulting in a DoS condition."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-670",
"description": "Always-Incorrect Control Flow Implementation",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T16:06:38.711Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-bgp-iefab-3hb2pwtx",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bgp-iefab-3hb2pwtx"
}
],
"source": {
"advisory": "cisco-sa-bgp-iefab-3hb2pwtx",
"defects": [
"CSCwr23951"
],
"discovery": "INTERNAL"
},
"title": "Cisco Nexus 3000 and 9000 Series Border Gateway Protocol Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20171",
"datePublished": "2026-05-20T16:06:38.711Z",
"dateReserved": "2025-10-08T11:59:15.391Z",
"dateUpdated": "2026-05-20T18:31:44.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20206 (GCVE-0-2026-20206)
Vulnerability from cvelistv5 – Published: 2026-05-20 16:06 – Updated: 2026-05-21 13:06
VLAI
Title
Cisco ThousandEyes BrowserBot Command Injection Vulnerability
Summary
A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on behalf of the BrowserBot synthetics orchestration process. Cisco has addressed this vulnerability in the Cisco ThousandEyes Enterprise Agent, and no customer action is needed.
This vulnerability was due to insufficient input validation of command arguments that are supplied by the user. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by authenticating to the ThousandEyes SaaS and submitting crafted input into the affected parameter. A successful exploit could have allowed the attacker to execute arbitrary commands within the BrowserBot container as the node user.
To exploit this vulnerability, the attacker must have valid user credentials for the ThousandEyes SaaS and the ability to manage transaction tests.
Severity
6.3 (Medium)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco ThousandEyes Enterprise Agent |
Affected:
Agent 5.0
Affected: Agent 4.4.4 Affected: Agent 4.4.3 Affected: Agent 4.4.2 Affected: Agent 4.2 Affected: Agent 4.1 Affected: Agent 4.0 Affected: Agent 5.1 Affected: Agent 5.1.2 Affected: Agent 5.1.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20206",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-21T03:55:35.778187Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T13:06:27.356Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco ThousandEyes Enterprise Agent",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "Agent 5.0"
},
{
"status": "affected",
"version": "Agent 4.4.4"
},
{
"status": "affected",
"version": "Agent 4.4.3"
},
{
"status": "affected",
"version": "Agent 4.4.2"
},
{
"status": "affected",
"version": "Agent 4.2"
},
{
"status": "affected",
"version": "Agent 4.1"
},
{
"status": "affected",
"version": "Agent 4.0"
},
{
"status": "affected",
"version": "Agent 5.1"
},
{
"status": "affected",
"version": "Agent 5.1.2"
},
{
"status": "affected",
"version": "Agent 5.1.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on behalf of the BrowserBot synthetics orchestration process. Cisco has addressed this vulnerability in the Cisco ThousandEyes Enterprise Agent, and no customer action is needed.\r\n\r\nThis vulnerability was due to insufficient input validation of command arguments that are supplied by the user. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by authenticating to the ThousandEyes SaaS and submitting crafted input into the affected parameter. A successful exploit could have allowed the attacker to execute arbitrary commands within the BrowserBot container as the node user.\r\nTo exploit this vulnerability, the attacker must have valid user credentials for the ThousandEyes SaaS and the ability to manage transaction tests."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T16:06:32.010Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-tebbot-cmdinj-wN3yQ5gn",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tebbot-cmdinj-wN3yQ5gn"
}
],
"source": {
"advisory": "cisco-sa-tebbot-cmdinj-wN3yQ5gn",
"defects": [
"CSCwt71150"
],
"discovery": "EXTERNAL"
},
"title": "Cisco ThousandEyes BrowserBot Command Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20206",
"datePublished": "2026-05-20T16:06:32.010Z",
"dateReserved": "2025-10-08T11:59:15.397Z",
"dateUpdated": "2026-05-21T13:06:27.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20223 (GCVE-0-2026-20223)
Vulnerability from cvelistv5 – Published: 2026-05-20 16:06 – Updated: 2026-05-21 03:55
VLAI
Title
Cisco Secure Workload Unauthorized API Access Vulnerability
Summary
A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role.
This vulnerability is due to insufficient validation and authentication when accessing REST API endpoints. An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint. A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the Site Admin user.
Severity
10 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Secure Workload |
Affected:
2.2.1.41
Affected: 3.2.1.18 Affected: 3.3.2.50 Affected: 3.4.1.28 Affected: 3.4.1.34 Affected: 2.3.1.45 Affected: 2.3.1.41 Affected: 3.3.2.28 Affected: 3.1.1.59 Affected: 2.0.2.20 Affected: 2.1.1.33 Affected: 2.1.1.29 Affected: 3.2.1.28 Affected: 3.4.1.35 Affected: 3.1.1.65 Affected: 3.1.1.67 Affected: 2.0.1.34 Affected: 2.3.1.49 Affected: 2.2.1.39 Affected: 3.4.1.19 Affected: 3.3.2.23 Affected: 3.1.1.61 Affected: 3.1.1.54 Affected: 3.5.1.17 Affected: 3.3.2.33 Affected: 3.5.1.1 Affected: 2.3.1.53 Affected: 3.5.1.20 Affected: 3.5.1.30 Affected: 3.3.2.16 Affected: 3.1.1.55 Affected: 3.4.1.6 Affected: 2.3.1.50 Affected: 2.3.1.52 Affected: 3.2.1.19 Affected: 2.2.1.35 Affected: 3.1.1.53 Affected: 3.1.1.70 Affected: 3.2.1.20 Affected: 3.5.1.2 Affected: 1.103.1.12 Affected: 2.3.1.51 Affected: 3.3.2.42 Affected: 3.4.1.1 Affected: 3.3.2.12 Affected: 2.1.1.31 Affected: 3.5.1.23 Affected: 3.3.2.53 Affected: 3.4.1.14 Affected: 3.3.2.2 Affected: 3.4.1.20 Affected: 3.3.2.35 Affected: 2.2.1.34 Affected: 1.102.21 Affected: 3.3.2.5 Affected: 3.5.1.31 Affected: 3.6.1.5 Affected: 3.2.1.31 Affected: 3.5.1.37 Affected: 3.4.1.40 Affected: 3.6.1.17 Affected: 3.6.1.21 Affected: 3.2.1.32 Affected: 3.2.1.33 Affected: 3.6.1.35 Affected: 3.6.1.36 Affected: 3.7.1.5 Affected: 3.6.1.47 Affected: 3.7.1.22 Affected: 3.6.1.52 Affected: 3.7.1.39 Affected: 3.8.1.1 Affected: 3.7.1.51 Affected: 3.8.1.19 Affected: 3.8.1.36 Affected: 3.7.1.59 Affected: 3.8.1.39 Affected: 3.9.1.1 Affected: 3.9.1.10 Affected: 3.9.1.24 Affected: 3.9.1.25 Affected: 3.9.1.28 Affected: 3.9.1.38 Affected: 3.8.1.53 Affected: 3.9.1.52 Affected: 3.10.1.1 Affected: 3.9.1.64 Affected: 3.10.2.11 Affected: 3.9.1.66 Affected: 3.10.3.19 Affected: 3.9.1.69 Affected: 3.10.4.8 Affected: 3.10.5.6 Affected: 4.0.1.1 Affected: 4.0.2.4 Affected: 4.0.2.5 Affected: 3.10.6.3 Affected: 3.10.7.4 Affected: 4.0.3.13 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20223",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-20T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T03:55:37.210Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Secure Workload",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "2.2.1.41"
},
{
"status": "affected",
"version": "3.2.1.18"
},
{
"status": "affected",
"version": "3.3.2.50"
},
{
"status": "affected",
"version": "3.4.1.28"
},
{
"status": "affected",
"version": "3.4.1.34"
},
{
"status": "affected",
"version": "2.3.1.45"
},
{
"status": "affected",
"version": "2.3.1.41"
},
{
"status": "affected",
"version": "3.3.2.28"
},
{
"status": "affected",
"version": "3.1.1.59"
},
{
"status": "affected",
"version": "2.0.2.20"
},
{
"status": "affected",
"version": "2.1.1.33"
},
{
"status": "affected",
"version": "2.1.1.29"
},
{
"status": "affected",
"version": "3.2.1.28"
},
{
"status": "affected",
"version": "3.4.1.35"
},
{
"status": "affected",
"version": "3.1.1.65"
},
{
"status": "affected",
"version": "3.1.1.67"
},
{
"status": "affected",
"version": "2.0.1.34"
},
{
"status": "affected",
"version": "2.3.1.49"
},
{
"status": "affected",
"version": "2.2.1.39"
},
{
"status": "affected",
"version": "3.4.1.19"
},
{
"status": "affected",
"version": "3.3.2.23"
},
{
"status": "affected",
"version": "3.1.1.61"
},
{
"status": "affected",
"version": "3.1.1.54"
},
{
"status": "affected",
"version": "3.5.1.17"
},
{
"status": "affected",
"version": "3.3.2.33"
},
{
"status": "affected",
"version": "3.5.1.1"
},
{
"status": "affected",
"version": "2.3.1.53"
},
{
"status": "affected",
"version": "3.5.1.20"
},
{
"status": "affected",
"version": "3.5.1.30"
},
{
"status": "affected",
"version": "3.3.2.16"
},
{
"status": "affected",
"version": "3.1.1.55"
},
{
"status": "affected",
"version": "3.4.1.6"
},
{
"status": "affected",
"version": "2.3.1.50"
},
{
"status": "affected",
"version": "2.3.1.52"
},
{
"status": "affected",
"version": "3.2.1.19"
},
{
"status": "affected",
"version": "2.2.1.35"
},
{
"status": "affected",
"version": "3.1.1.53"
},
{
"status": "affected",
"version": "3.1.1.70"
},
{
"status": "affected",
"version": "3.2.1.20"
},
{
"status": "affected",
"version": "3.5.1.2"
},
{
"status": "affected",
"version": "1.103.1.12"
},
{
"status": "affected",
"version": "2.3.1.51"
},
{
"status": "affected",
"version": "3.3.2.42"
},
{
"status": "affected",
"version": "3.4.1.1"
},
{
"status": "affected",
"version": "3.3.2.12"
},
{
"status": "affected",
"version": "2.1.1.31"
},
{
"status": "affected",
"version": "3.5.1.23"
},
{
"status": "affected",
"version": "3.3.2.53"
},
{
"status": "affected",
"version": "3.4.1.14"
},
{
"status": "affected",
"version": "3.3.2.2"
},
{
"status": "affected",
"version": "3.4.1.20"
},
{
"status": "affected",
"version": "3.3.2.35"
},
{
"status": "affected",
"version": "2.2.1.34"
},
{
"status": "affected",
"version": "1.102.21"
},
{
"status": "affected",
"version": "3.3.2.5"
},
{
"status": "affected",
"version": "3.5.1.31"
},
{
"status": "affected",
"version": "3.6.1.5"
},
{
"status": "affected",
"version": "3.2.1.31"
},
{
"status": "affected",
"version": "3.5.1.37"
},
{
"status": "affected",
"version": "3.4.1.40"
},
{
"status": "affected",
"version": "3.6.1.17"
},
{
"status": "affected",
"version": "3.6.1.21"
},
{
"status": "affected",
"version": "3.2.1.32"
},
{
"status": "affected",
"version": "3.2.1.33"
},
{
"status": "affected",
"version": "3.6.1.35"
},
{
"status": "affected",
"version": "3.6.1.36"
},
{
"status": "affected",
"version": "3.7.1.5"
},
{
"status": "affected",
"version": "3.6.1.47"
},
{
"status": "affected",
"version": "3.7.1.22"
},
{
"status": "affected",
"version": "3.6.1.52"
},
{
"status": "affected",
"version": "3.7.1.39"
},
{
"status": "affected",
"version": "3.8.1.1"
},
{
"status": "affected",
"version": "3.7.1.51"
},
{
"status": "affected",
"version": "3.8.1.19"
},
{
"status": "affected",
"version": "3.8.1.36"
},
{
"status": "affected",
"version": "3.7.1.59"
},
{
"status": "affected",
"version": "3.8.1.39"
},
{
"status": "affected",
"version": "3.9.1.1"
},
{
"status": "affected",
"version": "3.9.1.10"
},
{
"status": "affected",
"version": "3.9.1.24"
},
{
"status": "affected",
"version": "3.9.1.25"
},
{
"status": "affected",
"version": "3.9.1.28"
},
{
"status": "affected",
"version": "3.9.1.38"
},
{
"status": "affected",
"version": "3.8.1.53"
},
{
"status": "affected",
"version": "3.9.1.52"
},
{
"status": "affected",
"version": "3.10.1.1"
},
{
"status": "affected",
"version": "3.9.1.64"
},
{
"status": "affected",
"version": "3.10.2.11"
},
{
"status": "affected",
"version": "3.9.1.66"
},
{
"status": "affected",
"version": "3.10.3.19"
},
{
"status": "affected",
"version": "3.9.1.69"
},
{
"status": "affected",
"version": "3.10.4.8"
},
{
"status": "affected",
"version": "3.10.5.6"
},
{
"status": "affected",
"version": "4.0.1.1"
},
{
"status": "affected",
"version": "4.0.2.4"
},
{
"status": "affected",
"version": "4.0.2.5"
},
{
"status": "affected",
"version": "3.10.6.3"
},
{
"status": "affected",
"version": "3.10.7.4"
},
{
"status": "affected",
"version": "4.0.3.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the\u0026nbsp;access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the\u0026nbsp;Site Admin role.\r\n\r\nThis vulnerability is due to insufficient validation and authentication when accessing REST API endpoints. An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint. A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the\u0026nbsp;Site Admin user.\u0026nbsp;"
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing Authentication for Critical Function",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T16:06:30.740Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-csw-pnbsa-g8WEnuy",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-pnbsa-g8WEnuy"
}
],
"source": {
"advisory": "cisco-sa-csw-pnbsa-g8WEnuy",
"defects": [
"CSCwt99942"
],
"discovery": "INTERNAL"
},
"title": "Cisco Secure Workload Unauthorized API Access Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20223",
"datePublished": "2026-05-20T16:06:30.740Z",
"dateReserved": "2025-10-08T11:59:15.399Z",
"dateUpdated": "2026-05-21T03:55:37.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20224 (GCVE-0-2026-20224)
Vulnerability from cvelistv5 – Published: 2026-05-14 16:08 – Updated: 2026-05-14 18:29
VLAI
Title
Cisco Catalyst SD-WAN Manager XML External Entity Injection Vulnerability
Summary
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to read arbitrary files that are stored in an affected system. The attacker does not need to have valid user credentials.
This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to read arbitrary files that are stored in the affected system.
Severity
8.6 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Catalyst SD-WAN Manager |
Affected:
20.1.12
Affected: 19.2.1 Affected: 18.4.4 Affected: 18.4.5 Affected: 20.1.1.1 Affected: 20.1.1 Affected: 19.3.0 Affected: 19.2.2 Affected: 19.2.099 Affected: 18.3.6 Affected: 18.3.7 Affected: 19.2.0 Affected: 18.3.8 Affected: 19.0.0 Affected: 19.1.0 Affected: 18.4.302 Affected: 18.4.303 Affected: 19.2.097 Affected: 19.2.098 Affected: 17.2.10 Affected: 18.3.6.1 Affected: 19.0.1a Affected: 18.2.0 Affected: 18.4.3 Affected: 18.4.1 Affected: 17.2.8 Affected: 18.3.3.1 Affected: 18.4.0 Affected: 18.3.1 Affected: 17.2.6 Affected: 17.2.9 Affected: 18.3.4 Affected: 17.2.5 Affected: 18.3.1.1 Affected: 18.3.5 Affected: 18.4.0.1 Affected: 18.3.3 Affected: 17.2.7 Affected: 17.2.4 Affected: 18.3.0 Affected: 19.2.3 Affected: 18.4.501_ES Affected: 20.3.1 Affected: 20.1.2 Affected: 19.2.929 Affected: 19.2.31 Affected: 20.3.2 Affected: 19.2.32 Affected: 20.3.2_925 Affected: 20.3.2.1 Affected: 20.3.2.1_927 Affected: 18.4.6 Affected: 20.1.2_937 Affected: 20.4.1 Affected: 20.3.2_928 Affected: 20.3.2_929 Affected: 20.4.1.0.1 Affected: 20.3.2.1_930 Affected: 19.2.4 Affected: 20.5.0.1.1 Affected: 20.4.1.1 Affected: 20.3.3 Affected: 19.2.4.0.1 Affected: 20.3.2_937 Affected: 20.3.3.1 Affected: 20.5.1 Affected: 20.1.3 Affected: 20.3.3.0.4 Affected: 20.3.3.1.2 Affected: 20.3.3.1.1 Affected: 20.4.1.2 Affected: 20.3.3.0.2 Affected: 20.4.1.1.5 Affected: 20.4.1.0.01 Affected: 20.4.1.0.02 Affected: 20.3.3.1.7 Affected: 20.3.3.1.5 Affected: 20.5.1.0.1 Affected: 20.3.3.1.10 Affected: 20.3.3.0.8 Affected: 20.4.2 Affected: 20.4.2.0.1 Affected: 20.3.4 Affected: 20.3.3.0.14 Affected: 19.2.4.0.8 Affected: 19.2.4.0.9 Affected: 20.3.4.0.1 Affected: 20.3.2.0.5 Affected: 20.6.1 Affected: 20.5.1.0.2 Affected: 20.3.3.0.17 Affected: 20.6.1.1 Affected: 20.6.0.18.3 Affected: 20.3.2.0.6 Affected: 20.6.0.18.4 Affected: 20.4.2.0.2 Affected: 20.3.3.0.16 Affected: 20.3.4.0.5 Affected: 20.6.1.0.1 Affected: 20.3.4.0.6 Affected: 20.6.2 Affected: 20.7.1EFT2 Affected: 20.3.4.0.9 Affected: 20.3.4.0.11 Affected: 20.4.2.0.4 Affected: 20.3.3.0.18 Affected: 20.7.1 Affected: 20.6.2.1 Affected: 20.3.4.1 Affected: 20.5.1.1 Affected: 20.4.2.1 Affected: 20.4.2.1.1 Affected: 20.3.4.1.1 Affected: 20.3.813 Affected: 20.3.4.0.19 Affected: 20.4.2.2.1 Affected: 20.5.1.2 Affected: 20.3.4.2 Affected: 20.3.814 Affected: 20.4.2.2 Affected: 20.6.2.2 Affected: 20.3.4.2.1 Affected: 20.7.1.1 Affected: 20.3.4.1.2 Affected: 20.6.2.2.2 Affected: 20.3.4.0.20 Affected: 20.6.2.2.3 Affected: 20.4.2.2.2 Affected: 20.3.5 Affected: 20.6.2.0.4 Affected: 20.4.2.2.3 Affected: 20.3.4.0.24 Affected: 20.6.2.2.7 Affected: 20.6.3 Affected: 20.3.4.2.2 Affected: 20.4.2.2.4 Affected: 20.7.1.0.2 Affected: 20.8.1 Affected: 20.3.5.0.8 Affected: 20.3.5.0.9 Affected: 20.4.2.2.8 Affected: 20.3.5.0.7 Affected: 20.6.3.0.7 Affected: 20.6.3.0.5 Affected: 20.6.3.0.10 Affected: 20.6.3.0.2 Affected: 20.7.2 Affected: 20.9.1EFT2 Affected: 20.6.3.0.11 Affected: 20.6.3.1 Affected: 20.6.3.0.14 Affected: 20.6.4 Affected: 20.9.1 Affected: 20.6.3.0.19 Affected: 20.6.3.0.18 Affected: 20.3.6 Affected: 20.9.1.1 Affected: 20.6.3.0.23 Affected: 20.6.4.0.4 Affected: 20.6.3.0.25 Affected: 20.6.5 Affected: 20.6.3.0.27 Affected: 20.9.2 Affected: 20.9.2.1 Affected: 20.6.3.0.29 Affected: 20.6.3.0.31 Affected: 20.6.3.0.32 Affected: 20.10.1 Affected: 20.6.3.0.33 Affected: 20.9.2.0.01 Affected: 20.9.1_LI_Images Affected: 20.10.1_LI_Images Affected: 20.9.2_LI_Images Affected: 20.3.7 Affected: 20.9.3 Affected: 20.6.5.1 Affected: 20.11.1 Affected: 20.11.1_LI_Images Affected: 20.9.3_LI_ Images Affected: 20.6.3.1.1 Affected: 20.9.3.0.2 Affected: 20.6.5.1.2 Affected: 20.9.3.0.3 Affected: 20.4.2.3 Affected: 20.6.3.2 Affected: 20.6.4.1 Affected: 20.6.3.0.38 Affected: 20.6.3.0.39 Affected: 20.3.5.1 Affected: 20.3.4.3 Affected: 20.9.3.1 Affected: 20.3.3.2 Affected: 20.6.5.2 Affected: 20.3.7.1 Affected: 20.10.1.1 Affected: 20.6.5.2.1 Affected: 20.3.4.0.25 Affected: 20.6.2.2.4 Affected: 20.6.1.2 Affected: 20.11.1.1 Affected: 20.9.3.0.5 Affected: 20.3.4.0.26 Affected: 20.6.5.1.3 Affected: 20.6.3.0.40 Affected: 20.1.3.1 Affected: 20.9.2.2 Affected: 20.6.5.2.3 Affected: 20.6.5.1.4 Affected: 20.6.5.3 Affected: 20.6.3.0.41 Affected: 20.9.3.0.7 Affected: 20.6.5.1.5 Affected: 20.9.3.0.4 Affected: 20.6.4.0.19 Affected: 20.6.5.1.6 Affected: 20.9.3.0.8 Affected: 20.6.3.3 Affected: 20.3.7.2 Affected: 20.6.5.4 Affected: 20.6.5.1.7 Affected: 20.9.3.0.12 Affected: 20.6.4.2 Affected: 20.6.5.5 Affected: 20.9.3.2 Affected: 20.11.1.2 Affected: 20.6.3.4 Affected: 20.10.1.2 Affected: 20.6.5.1.9 Affected: 20.9.3.0.16 Affected: 20.6.3.0.45 Affected: 20.6.5.1.10 Affected: 20.9.3.0.17 Affected: 20.6.5.2.4 Affected: 20.6.4.0.21 Affected: 20.9.3.0.18 Affected: 20.6.3.0.46 Affected: 20.6.3.0.47 Affected: 20.9.2.3 Affected: 20.9.3.2_LI_Images Affected: 20.9.3.0.21 Affected: 20.9.3.0.20 Affected: 20.9.4_LI_Images Affected: 20.9.4 Affected: 20.6.5.1.11 Affected: 20.12.1 Affected: 20.12.1_LI_Images Affected: 20.6.5.1.13 Affected: 20.9.3.0.23 Affected: 20.6.5.2.8 Affected: 20.9.4.1 Affected: 20.9.4.1_LI_Images Affected: 20.9.3.0.25 Affected: 20.9.3.0.24 Affected: 20.6.5.1.14 Affected: 20.3.8 Affected: 20.6.6 Affected: 20.9.3.0.26 Affected: 20.6.3.0.51 Affected: 20.9.3.0.29 Affected: 20.12.2 Affected: 20.12.2_LI_Images Affected: 20.6.6.0.1 Affected: 20.13.1_LI_Images Affected: 20.9.4.0.4 Affected: 20.13.1 Affected: 20.9.4.1.1 Affected: 20.9.5 Affected: 20.9.5_LI_Images Affected: 20.12.3_LI_Images Affected: 20.12.3 Affected: 20.9.4.1.3 Affected: 20.6.7 Affected: 20.9.5.1 Affected: 20.9.5.1_LI_Images Affected: 20.9.4.1.6 Affected: 20.14.1 Affected: 20.14.1_LI_Images Affected: 20.9.5.2 Affected: 20.9.5.2.1 Affected: 20.9.5.2_LI_Images Affected: 20.12.3.1 Affected: 20.12.4 Affected: 20.15.1_LI_Images Affected: 20.15.1 Affected: 20.9.5.1.4 Affected: 20.9.5.2.7 Affected: 20.9.5.2.13 Affected: 20.9.6 Affected: 20.9.6_LI_Images Affected: 20.9.5.2.14 Affected: 20.6.8 Affected: 20.12.4.0.03 Affected: 20.16.1 Affected: 20.16.1_LI_Images Affected: 20.12.4_LI_Images Affected: 20.9.5.2.16 Affected: 20.12.4.0.4 Affected: 20.12.401 Affected: 20.9.5.3 Affected: 20.9.5.3_LI_Images Affected: 20.12.4.1_LI_Images Affected: 20.12.4.1 Affected: 20.9.5.2.21 Affected: 20.9.6.0.3 Affected: 20.12.4.0.6 Affected: 20.15.2_LI_Images Affected: 20.15.2 Affected: 20.12.4_Monthly_ES5 Affected: 20.12.5 Affected: 20.12.5_LI_Images Affected: 20.9.7_LI _Images Affected: 20.9.7 Affected: 20.15.3 Affected: 20.15.3_ LI _Images Affected: 20.12.501 Affected: 20.12.5.1_LI_Images Affected: 20.12.5.1 Affected: 20.12.5.2_LI_Images Affected: 20.12.5.2 Affected: 20.15.3.1 Affected: 20.15.4_LI_Images Affected: 20.15.4 Affected: 20.9.7.1_LI _Images Affected: 20.9.7.1 Affected: 20.18.1 Affected: 20.18.1_LI_Images Affected: 20.12.6_LI_Images Affected: 20.12.6 Affected: 20.12.5.1.01 Affected: 26.0.1 Affected: 20.9.8 Affected: 20.9.8_LI_Images Affected: 20.18.2 Affected: 20.15.4.1_LI_Images Affected: 20.15.4.1 Affected: 20.18.2_LI_Images Affected: 26.1.1 Affected: 26.1.1_LI_Images Affected: 20.18.2.1_LI_Images Affected: 20.18.2.1 Affected: 20.15.4.2_LI_Images Affected: 20.15.4.2 Affected: 20.12.6.1 Affected: 20.12.6.1_LI_Images Affected: 20.12.5.3 Affected: 20.12.5.3_LI_Images Affected: 20.9.8.2_LI_Images Affected: 20.9.8.2 Affected: 20.18.3 Affected: 20.18.3_LI_Images Affected: 20.15.5 Affected: 20.15.5_LI_Images Affected: 20.12.7 Affected: 20.12.7_LI_Images Affected: 20.9.9 Affected: 20.9.9_LI_Images Affected: 20.18.2.2 Affected: 20.18.2.2_LI_Images Affected: 20.12.5.4 Affected: 20.12.5.4_LI_ Images Affected: 20.12.7.1_LI_Images Affected: 20.12.6.2_LI_Images Affected: 20.12.7.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20224",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T18:29:43.192282Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T18:29:53.578Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Catalyst SD-WAN Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "20.1.12"
},
{
"status": "affected",
"version": "19.2.1"
},
{
"status": "affected",
"version": "18.4.4"
},
{
"status": "affected",
"version": "18.4.5"
},
{
"status": "affected",
"version": "20.1.1.1"
},
{
"status": "affected",
"version": "20.1.1"
},
{
"status": "affected",
"version": "19.3.0"
},
{
"status": "affected",
"version": "19.2.2"
},
{
"status": "affected",
"version": "19.2.099"
},
{
"status": "affected",
"version": "18.3.6"
},
{
"status": "affected",
"version": "18.3.7"
},
{
"status": "affected",
"version": "19.2.0"
},
{
"status": "affected",
"version": "18.3.8"
},
{
"status": "affected",
"version": "19.0.0"
},
{
"status": "affected",
"version": "19.1.0"
},
{
"status": "affected",
"version": "18.4.302"
},
{
"status": "affected",
"version": "18.4.303"
},
{
"status": "affected",
"version": "19.2.097"
},
{
"status": "affected",
"version": "19.2.098"
},
{
"status": "affected",
"version": "17.2.10"
},
{
"status": "affected",
"version": "18.3.6.1"
},
{
"status": "affected",
"version": "19.0.1a"
},
{
"status": "affected",
"version": "18.2.0"
},
{
"status": "affected",
"version": "18.4.3"
},
{
"status": "affected",
"version": "18.4.1"
},
{
"status": "affected",
"version": "17.2.8"
},
{
"status": "affected",
"version": "18.3.3.1"
},
{
"status": "affected",
"version": "18.4.0"
},
{
"status": "affected",
"version": "18.3.1"
},
{
"status": "affected",
"version": "17.2.6"
},
{
"status": "affected",
"version": "17.2.9"
},
{
"status": "affected",
"version": "18.3.4"
},
{
"status": "affected",
"version": "17.2.5"
},
{
"status": "affected",
"version": "18.3.1.1"
},
{
"status": "affected",
"version": "18.3.5"
},
{
"status": "affected",
"version": "18.4.0.1"
},
{
"status": "affected",
"version": "18.3.3"
},
{
"status": "affected",
"version": "17.2.7"
},
{
"status": "affected",
"version": "17.2.4"
},
{
"status": "affected",
"version": "18.3.0"
},
{
"status": "affected",
"version": "19.2.3"
},
{
"status": "affected",
"version": "18.4.501_ES"
},
{
"status": "affected",
"version": "20.3.1"
},
{
"status": "affected",
"version": "20.1.2"
},
{
"status": "affected",
"version": "19.2.929"
},
{
"status": "affected",
"version": "19.2.31"
},
{
"status": "affected",
"version": "20.3.2"
},
{
"status": "affected",
"version": "19.2.32"
},
{
"status": "affected",
"version": "20.3.2_925"
},
{
"status": "affected",
"version": "20.3.2.1"
},
{
"status": "affected",
"version": "20.3.2.1_927"
},
{
"status": "affected",
"version": "18.4.6"
},
{
"status": "affected",
"version": "20.1.2_937"
},
{
"status": "affected",
"version": "20.4.1"
},
{
"status": "affected",
"version": "20.3.2_928"
},
{
"status": "affected",
"version": "20.3.2_929"
},
{
"status": "affected",
"version": "20.4.1.0.1"
},
{
"status": "affected",
"version": "20.3.2.1_930"
},
{
"status": "affected",
"version": "19.2.4"
},
{
"status": "affected",
"version": "20.5.0.1.1"
},
{
"status": "affected",
"version": "20.4.1.1"
},
{
"status": "affected",
"version": "20.3.3"
},
{
"status": "affected",
"version": "19.2.4.0.1"
},
{
"status": "affected",
"version": "20.3.2_937"
},
{
"status": "affected",
"version": "20.3.3.1"
},
{
"status": "affected",
"version": "20.5.1"
},
{
"status": "affected",
"version": "20.1.3"
},
{
"status": "affected",
"version": "20.3.3.0.4"
},
{
"status": "affected",
"version": "20.3.3.1.2"
},
{
"status": "affected",
"version": "20.3.3.1.1"
},
{
"status": "affected",
"version": "20.4.1.2"
},
{
"status": "affected",
"version": "20.3.3.0.2"
},
{
"status": "affected",
"version": "20.4.1.1.5"
},
{
"status": "affected",
"version": "20.4.1.0.01"
},
{
"status": "affected",
"version": "20.4.1.0.02"
},
{
"status": "affected",
"version": "20.3.3.1.7"
},
{
"status": "affected",
"version": "20.3.3.1.5"
},
{
"status": "affected",
"version": "20.5.1.0.1"
},
{
"status": "affected",
"version": "20.3.3.1.10"
},
{
"status": "affected",
"version": "20.3.3.0.8"
},
{
"status": "affected",
"version": "20.4.2"
},
{
"status": "affected",
"version": "20.4.2.0.1"
},
{
"status": "affected",
"version": "20.3.4"
},
{
"status": "affected",
"version": "20.3.3.0.14"
},
{
"status": "affected",
"version": "19.2.4.0.8"
},
{
"status": "affected",
"version": "19.2.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.1"
},
{
"status": "affected",
"version": "20.3.2.0.5"
},
{
"status": "affected",
"version": "20.6.1"
},
{
"status": "affected",
"version": "20.5.1.0.2"
},
{
"status": "affected",
"version": "20.3.3.0.17"
},
{
"status": "affected",
"version": "20.6.1.1"
},
{
"status": "affected",
"version": "20.6.0.18.3"
},
{
"status": "affected",
"version": "20.3.2.0.6"
},
{
"status": "affected",
"version": "20.6.0.18.4"
},
{
"status": "affected",
"version": "20.4.2.0.2"
},
{
"status": "affected",
"version": "20.3.3.0.16"
},
{
"status": "affected",
"version": "20.3.4.0.5"
},
{
"status": "affected",
"version": "20.6.1.0.1"
},
{
"status": "affected",
"version": "20.3.4.0.6"
},
{
"status": "affected",
"version": "20.6.2"
},
{
"status": "affected",
"version": "20.7.1EFT2"
},
{
"status": "affected",
"version": "20.3.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.11"
},
{
"status": "affected",
"version": "20.4.2.0.4"
},
{
"status": "affected",
"version": "20.3.3.0.18"
},
{
"status": "affected",
"version": "20.7.1"
},
{
"status": "affected",
"version": "20.6.2.1"
},
{
"status": "affected",
"version": "20.3.4.1"
},
{
"status": "affected",
"version": "20.5.1.1"
},
{
"status": "affected",
"version": "20.4.2.1"
},
{
"status": "affected",
"version": "20.4.2.1.1"
},
{
"status": "affected",
"version": "20.3.4.1.1"
},
{
"status": "affected",
"version": "20.3.813"
},
{
"status": "affected",
"version": "20.3.4.0.19"
},
{
"status": "affected",
"version": "20.4.2.2.1"
},
{
"status": "affected",
"version": "20.5.1.2"
},
{
"status": "affected",
"version": "20.3.4.2"
},
{
"status": "affected",
"version": "20.3.814"
},
{
"status": "affected",
"version": "20.4.2.2"
},
{
"status": "affected",
"version": "20.6.2.2"
},
{
"status": "affected",
"version": "20.3.4.2.1"
},
{
"status": "affected",
"version": "20.7.1.1"
},
{
"status": "affected",
"version": "20.3.4.1.2"
},
{
"status": "affected",
"version": "20.6.2.2.2"
},
{
"status": "affected",
"version": "20.3.4.0.20"
},
{
"status": "affected",
"version": "20.6.2.2.3"
},
{
"status": "affected",
"version": "20.4.2.2.2"
},
{
"status": "affected",
"version": "20.3.5"
},
{
"status": "affected",
"version": "20.6.2.0.4"
},
{
"status": "affected",
"version": "20.4.2.2.3"
},
{
"status": "affected",
"version": "20.3.4.0.24"
},
{
"status": "affected",
"version": "20.6.2.2.7"
},
{
"status": "affected",
"version": "20.6.3"
},
{
"status": "affected",
"version": "20.3.4.2.2"
},
{
"status": "affected",
"version": "20.4.2.2.4"
},
{
"status": "affected",
"version": "20.7.1.0.2"
},
{
"status": "affected",
"version": "20.8.1"
},
{
"status": "affected",
"version": "20.3.5.0.8"
},
{
"status": "affected",
"version": "20.3.5.0.9"
},
{
"status": "affected",
"version": "20.4.2.2.8"
},
{
"status": "affected",
"version": "20.3.5.0.7"
},
{
"status": "affected",
"version": "20.6.3.0.7"
},
{
"status": "affected",
"version": "20.6.3.0.5"
},
{
"status": "affected",
"version": "20.6.3.0.10"
},
{
"status": "affected",
"version": "20.6.3.0.2"
},
{
"status": "affected",
"version": "20.7.2"
},
{
"status": "affected",
"version": "20.9.1EFT2"
},
{
"status": "affected",
"version": "20.6.3.0.11"
},
{
"status": "affected",
"version": "20.6.3.1"
},
{
"status": "affected",
"version": "20.6.3.0.14"
},
{
"status": "affected",
"version": "20.6.4"
},
{
"status": "affected",
"version": "20.9.1"
},
{
"status": "affected",
"version": "20.6.3.0.19"
},
{
"status": "affected",
"version": "20.6.3.0.18"
},
{
"status": "affected",
"version": "20.3.6"
},
{
"status": "affected",
"version": "20.9.1.1"
},
{
"status": "affected",
"version": "20.6.3.0.23"
},
{
"status": "affected",
"version": "20.6.4.0.4"
},
{
"status": "affected",
"version": "20.6.3.0.25"
},
{
"status": "affected",
"version": "20.6.5"
},
{
"status": "affected",
"version": "20.6.3.0.27"
},
{
"status": "affected",
"version": "20.9.2"
},
{
"status": "affected",
"version": "20.9.2.1"
},
{
"status": "affected",
"version": "20.6.3.0.29"
},
{
"status": "affected",
"version": "20.6.3.0.31"
},
{
"status": "affected",
"version": "20.6.3.0.32"
},
{
"status": "affected",
"version": "20.10.1"
},
{
"status": "affected",
"version": "20.6.3.0.33"
},
{
"status": "affected",
"version": "20.9.2.0.01"
},
{
"status": "affected",
"version": "20.9.1_LI_Images"
},
{
"status": "affected",
"version": "20.10.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.2_LI_Images"
},
{
"status": "affected",
"version": "20.3.7"
},
{
"status": "affected",
"version": "20.9.3"
},
{
"status": "affected",
"version": "20.6.5.1"
},
{
"status": "affected",
"version": "20.11.1"
},
{
"status": "affected",
"version": "20.11.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.3_LI_ Images"
},
{
"status": "affected",
"version": "20.6.3.1.1"
},
{
"status": "affected",
"version": "20.9.3.0.2"
},
{
"status": "affected",
"version": "20.6.5.1.2"
},
{
"status": "affected",
"version": "20.9.3.0.3"
},
{
"status": "affected",
"version": "20.4.2.3"
},
{
"status": "affected",
"version": "20.6.3.2"
},
{
"status": "affected",
"version": "20.6.4.1"
},
{
"status": "affected",
"version": "20.6.3.0.38"
},
{
"status": "affected",
"version": "20.6.3.0.39"
},
{
"status": "affected",
"version": "20.3.5.1"
},
{
"status": "affected",
"version": "20.3.4.3"
},
{
"status": "affected",
"version": "20.9.3.1"
},
{
"status": "affected",
"version": "20.3.3.2"
},
{
"status": "affected",
"version": "20.6.5.2"
},
{
"status": "affected",
"version": "20.3.7.1"
},
{
"status": "affected",
"version": "20.10.1.1"
},
{
"status": "affected",
"version": "20.6.5.2.1"
},
{
"status": "affected",
"version": "20.3.4.0.25"
},
{
"status": "affected",
"version": "20.6.2.2.4"
},
{
"status": "affected",
"version": "20.6.1.2"
},
{
"status": "affected",
"version": "20.11.1.1"
},
{
"status": "affected",
"version": "20.9.3.0.5"
},
{
"status": "affected",
"version": "20.3.4.0.26"
},
{
"status": "affected",
"version": "20.6.5.1.3"
},
{
"status": "affected",
"version": "20.6.3.0.40"
},
{
"status": "affected",
"version": "20.1.3.1"
},
{
"status": "affected",
"version": "20.9.2.2"
},
{
"status": "affected",
"version": "20.6.5.2.3"
},
{
"status": "affected",
"version": "20.6.5.1.4"
},
{
"status": "affected",
"version": "20.6.5.3"
},
{
"status": "affected",
"version": "20.6.3.0.41"
},
{
"status": "affected",
"version": "20.9.3.0.7"
},
{
"status": "affected",
"version": "20.6.5.1.5"
},
{
"status": "affected",
"version": "20.9.3.0.4"
},
{
"status": "affected",
"version": "20.6.4.0.19"
},
{
"status": "affected",
"version": "20.6.5.1.6"
},
{
"status": "affected",
"version": "20.9.3.0.8"
},
{
"status": "affected",
"version": "20.6.3.3"
},
{
"status": "affected",
"version": "20.3.7.2"
},
{
"status": "affected",
"version": "20.6.5.4"
},
{
"status": "affected",
"version": "20.6.5.1.7"
},
{
"status": "affected",
"version": "20.9.3.0.12"
},
{
"status": "affected",
"version": "20.6.4.2"
},
{
"status": "affected",
"version": "20.6.5.5"
},
{
"status": "affected",
"version": "20.9.3.2"
},
{
"status": "affected",
"version": "20.11.1.2"
},
{
"status": "affected",
"version": "20.6.3.4"
},
{
"status": "affected",
"version": "20.10.1.2"
},
{
"status": "affected",
"version": "20.6.5.1.9"
},
{
"status": "affected",
"version": "20.9.3.0.16"
},
{
"status": "affected",
"version": "20.6.3.0.45"
},
{
"status": "affected",
"version": "20.6.5.1.10"
},
{
"status": "affected",
"version": "20.9.3.0.17"
},
{
"status": "affected",
"version": "20.6.5.2.4"
},
{
"status": "affected",
"version": "20.6.4.0.21"
},
{
"status": "affected",
"version": "20.9.3.0.18"
},
{
"status": "affected",
"version": "20.6.3.0.46"
},
{
"status": "affected",
"version": "20.6.3.0.47"
},
{
"status": "affected",
"version": "20.9.2.3"
},
{
"status": "affected",
"version": "20.9.3.2_LI_Images"
},
{
"status": "affected",
"version": "20.9.3.0.21"
},
{
"status": "affected",
"version": "20.9.3.0.20"
},
{
"status": "affected",
"version": "20.9.4_LI_Images"
},
{
"status": "affected",
"version": "20.9.4"
},
{
"status": "affected",
"version": "20.6.5.1.11"
},
{
"status": "affected",
"version": "20.12.1"
},
{
"status": "affected",
"version": "20.12.1_LI_Images"
},
{
"status": "affected",
"version": "20.6.5.1.13"
},
{
"status": "affected",
"version": "20.9.3.0.23"
},
{
"status": "affected",
"version": "20.6.5.2.8"
},
{
"status": "affected",
"version": "20.9.4.1"
},
{
"status": "affected",
"version": "20.9.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.3.0.25"
},
{
"status": "affected",
"version": "20.9.3.0.24"
},
{
"status": "affected",
"version": "20.6.5.1.14"
},
{
"status": "affected",
"version": "20.3.8"
},
{
"status": "affected",
"version": "20.6.6"
},
{
"status": "affected",
"version": "20.9.3.0.26"
},
{
"status": "affected",
"version": "20.6.3.0.51"
},
{
"status": "affected",
"version": "20.9.3.0.29"
},
{
"status": "affected",
"version": "20.12.2"
},
{
"status": "affected",
"version": "20.12.2_LI_Images"
},
{
"status": "affected",
"version": "20.6.6.0.1"
},
{
"status": "affected",
"version": "20.13.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.4.0.4"
},
{
"status": "affected",
"version": "20.13.1"
},
{
"status": "affected",
"version": "20.9.4.1.1"
},
{
"status": "affected",
"version": "20.9.5"
},
{
"status": "affected",
"version": "20.9.5_LI_Images"
},
{
"status": "affected",
"version": "20.12.3_LI_Images"
},
{
"status": "affected",
"version": "20.12.3"
},
{
"status": "affected",
"version": "20.9.4.1.3"
},
{
"status": "affected",
"version": "20.6.7"
},
{
"status": "affected",
"version": "20.9.5.1"
},
{
"status": "affected",
"version": "20.9.5.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.4.1.6"
},
{
"status": "affected",
"version": "20.14.1"
},
{
"status": "affected",
"version": "20.14.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2"
},
{
"status": "affected",
"version": "20.9.5.2.1"
},
{
"status": "affected",
"version": "20.9.5.2_LI_Images"
},
{
"status": "affected",
"version": "20.12.3.1"
},
{
"status": "affected",
"version": "20.12.4"
},
{
"status": "affected",
"version": "20.15.1_LI_Images"
},
{
"status": "affected",
"version": "20.15.1"
},
{
"status": "affected",
"version": "20.9.5.1.4"
},
{
"status": "affected",
"version": "20.9.5.2.7"
},
{
"status": "affected",
"version": "20.9.5.2.13"
},
{
"status": "affected",
"version": "20.9.6"
},
{
"status": "affected",
"version": "20.9.6_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2.14"
},
{
"status": "affected",
"version": "20.6.8"
},
{
"status": "affected",
"version": "20.12.4.0.03"
},
{
"status": "affected",
"version": "20.16.1"
},
{
"status": "affected",
"version": "20.16.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.4_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2.16"
},
{
"status": "affected",
"version": "20.12.4.0.4"
},
{
"status": "affected",
"version": "20.12.401"
},
{
"status": "affected",
"version": "20.9.5.3"
},
{
"status": "affected",
"version": "20.9.5.3_LI_Images"
},
{
"status": "affected",
"version": "20.12.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.4.1"
},
{
"status": "affected",
"version": "20.9.5.2.21"
},
{
"status": "affected",
"version": "20.9.6.0.3"
},
{
"status": "affected",
"version": "20.12.4.0.6"
},
{
"status": "affected",
"version": "20.15.2_LI_Images"
},
{
"status": "affected",
"version": "20.15.2"
},
{
"status": "affected",
"version": "20.12.4_Monthly_ES5"
},
{
"status": "affected",
"version": "20.12.5"
},
{
"status": "affected",
"version": "20.12.5_LI_Images"
},
{
"status": "affected",
"version": "20.9.7_LI _Images"
},
{
"status": "affected",
"version": "20.9.7"
},
{
"status": "affected",
"version": "20.15.3"
},
{
"status": "affected",
"version": "20.15.3_ LI _Images"
},
{
"status": "affected",
"version": "20.12.501"
},
{
"status": "affected",
"version": "20.12.5.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.5.1"
},
{
"status": "affected",
"version": "20.12.5.2_LI_Images"
},
{
"status": "affected",
"version": "20.12.5.2"
},
{
"status": "affected",
"version": "20.15.3.1"
},
{
"status": "affected",
"version": "20.15.4_LI_Images"
},
{
"status": "affected",
"version": "20.15.4"
},
{
"status": "affected",
"version": "20.9.7.1_LI _Images"
},
{
"status": "affected",
"version": "20.9.7.1"
},
{
"status": "affected",
"version": "20.18.1"
},
{
"status": "affected",
"version": "20.18.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.6_LI_Images"
},
{
"status": "affected",
"version": "20.12.6"
},
{
"status": "affected",
"version": "20.12.5.1.01"
},
{
"status": "affected",
"version": "26.0.1"
},
{
"status": "affected",
"version": "20.9.8"
},
{
"status": "affected",
"version": "20.9.8_LI_Images"
},
{
"status": "affected",
"version": "20.18.2"
},
{
"status": "affected",
"version": "20.15.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.15.4.1"
},
{
"status": "affected",
"version": "20.18.2_LI_Images"
},
{
"status": "affected",
"version": "26.1.1"
},
{
"status": "affected",
"version": "26.1.1_LI_Images"
},
{
"status": "affected",
"version": "20.18.2.1_LI_Images"
},
{
"status": "affected",
"version": "20.18.2.1"
},
{
"status": "affected",
"version": "20.15.4.2_LI_Images"
},
{
"status": "affected",
"version": "20.15.4.2"
},
{
"status": "affected",
"version": "20.12.6.1"
},
{
"status": "affected",
"version": "20.12.6.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.5.3"
},
{
"status": "affected",
"version": "20.12.5.3_LI_Images"
},
{
"status": "affected",
"version": "20.9.8.2_LI_Images"
},
{
"status": "affected",
"version": "20.9.8.2"
},
{
"status": "affected",
"version": "20.18.3"
},
{
"status": "affected",
"version": "20.18.3_LI_Images"
},
{
"status": "affected",
"version": "20.15.5"
},
{
"status": "affected",
"version": "20.15.5_LI_Images"
},
{
"status": "affected",
"version": "20.12.7"
},
{
"status": "affected",
"version": "20.12.7_LI_Images"
},
{
"status": "affected",
"version": "20.9.9"
},
{
"status": "affected",
"version": "20.9.9_LI_Images"
},
{
"status": "affected",
"version": "20.18.2.2"
},
{
"status": "affected",
"version": "20.18.2.2_LI_Images"
},
{
"status": "affected",
"version": "20.12.5.4"
},
{
"status": "affected",
"version": "20.12.5.4_LI_ Images"
},
{
"status": "affected",
"version": "20.12.7.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.6.2_LI_Images"
},
{
"status": "affected",
"version": "20.12.7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to read arbitrary files that are stored in an affected system. The attacker does not need to have valid user credentials.\r\n\r\nThis vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to read arbitrary files that are stored in the affected system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T16:08:46.786Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sdwan-mltvnps2-JxpWm7R",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-mltvnps2-JxpWm7R"
},
{
"name": "Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability\u003c/a\u003e was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The \u003ca href=\"#IOC\"\u003eIndicators of Compromise",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk"
}
],
"source": {
"advisory": "cisco-sa-sdwan-mltvnps2-JxpWm7R",
"defects": [
"CSCwt55544"
],
"discovery": "INTERNAL"
},
"title": "Cisco Catalyst SD-WAN Manager XML External Entity Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20224",
"datePublished": "2026-05-14T16:08:46.786Z",
"dateReserved": "2025-10-08T11:59:15.399Z",
"dateUpdated": "2026-05-14T18:29:53.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20210 (GCVE-0-2026-20210)
Vulnerability from cvelistv5 – Published: 2026-05-14 16:08 – Updated: 2026-05-15 03:56
VLAI
Title
Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability
Summary
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system.
This vulnerability exists because of a failure to redact sensitive information within device configurations and templates. An attacker could exploit this vulnerability by elevating their read-only permissions to those of a high-privileged user. A successful exploit could allow the attacker to access or modify configuration settings within Cisco Catalyst SD-WAN Manager as a high-privileged user.
Severity
5.4 (Medium)
CWE
- CWE-779 - Logging of Excessive Data
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Catalyst SD-WAN Manager |
Affected:
20.1.12
Affected: 19.2.1 Affected: 18.4.4 Affected: 18.4.5 Affected: 20.1.1.1 Affected: 20.1.1 Affected: 19.3.0 Affected: 19.2.2 Affected: 19.2.099 Affected: 18.3.6 Affected: 18.3.7 Affected: 19.2.0 Affected: 18.3.8 Affected: 19.0.0 Affected: 19.1.0 Affected: 18.4.302 Affected: 18.4.303 Affected: 19.2.097 Affected: 19.2.098 Affected: 17.2.10 Affected: 18.3.6.1 Affected: 19.0.1a Affected: 18.2.0 Affected: 18.4.3 Affected: 18.4.1 Affected: 17.2.8 Affected: 18.3.3.1 Affected: 18.4.0 Affected: 18.3.1 Affected: 17.2.6 Affected: 17.2.9 Affected: 18.3.4 Affected: 17.2.5 Affected: 18.3.1.1 Affected: 18.3.5 Affected: 18.4.0.1 Affected: 18.3.3 Affected: 17.2.7 Affected: 17.2.4 Affected: 18.3.0 Affected: 19.2.3 Affected: 18.4.501_ES Affected: 20.3.1 Affected: 20.1.2 Affected: 19.2.929 Affected: 19.2.31 Affected: 20.3.2 Affected: 19.2.32 Affected: 20.3.2_925 Affected: 20.3.2.1 Affected: 20.3.2.1_927 Affected: 18.4.6 Affected: 20.1.2_937 Affected: 20.4.1 Affected: 20.3.2_928 Affected: 20.3.2_929 Affected: 20.4.1.0.1 Affected: 20.3.2.1_930 Affected: 19.2.4 Affected: 20.5.0.1.1 Affected: 20.4.1.1 Affected: 20.3.3 Affected: 19.2.4.0.1 Affected: 20.3.2_937 Affected: 20.3.3.1 Affected: 20.5.1 Affected: 20.1.3 Affected: 20.3.3.0.4 Affected: 20.3.3.1.2 Affected: 20.3.3.1.1 Affected: 20.4.1.2 Affected: 20.3.3.0.2 Affected: 20.4.1.1.5 Affected: 20.4.1.0.01 Affected: 20.4.1.0.02 Affected: 20.3.3.1.7 Affected: 20.3.3.1.5 Affected: 20.5.1.0.1 Affected: 20.3.3.1.10 Affected: 20.3.3.0.8 Affected: 20.4.2 Affected: 20.4.2.0.1 Affected: 20.3.4 Affected: 20.3.3.0.14 Affected: 19.2.4.0.8 Affected: 19.2.4.0.9 Affected: 20.3.4.0.1 Affected: 20.3.2.0.5 Affected: 20.6.1 Affected: 20.5.1.0.2 Affected: 20.3.3.0.17 Affected: 20.6.1.1 Affected: 20.6.0.18.3 Affected: 20.3.2.0.6 Affected: 20.6.0.18.4 Affected: 20.4.2.0.2 Affected: 20.3.3.0.16 Affected: 20.3.4.0.5 Affected: 20.6.1.0.1 Affected: 20.3.4.0.6 Affected: 20.6.2 Affected: 20.7.1EFT2 Affected: 20.3.4.0.9 Affected: 20.3.4.0.11 Affected: 20.4.2.0.4 Affected: 20.3.3.0.18 Affected: 20.7.1 Affected: 20.6.2.1 Affected: 20.3.4.1 Affected: 20.5.1.1 Affected: 20.4.2.1 Affected: 20.4.2.1.1 Affected: 20.3.4.1.1 Affected: 20.3.813 Affected: 20.3.4.0.19 Affected: 20.4.2.2.1 Affected: 20.5.1.2 Affected: 20.3.4.2 Affected: 20.3.814 Affected: 20.4.2.2 Affected: 20.6.2.2 Affected: 20.3.4.2.1 Affected: 20.7.1.1 Affected: 20.3.4.1.2 Affected: 20.6.2.2.2 Affected: 20.3.4.0.20 Affected: 20.6.2.2.3 Affected: 20.4.2.2.2 Affected: 20.3.5 Affected: 20.6.2.0.4 Affected: 20.4.2.2.3 Affected: 20.3.4.0.24 Affected: 20.6.2.2.7 Affected: 20.6.3 Affected: 20.3.4.2.2 Affected: 20.4.2.2.4 Affected: 20.7.1.0.2 Affected: 20.8.1 Affected: 20.3.5.0.8 Affected: 20.3.5.0.9 Affected: 20.4.2.2.8 Affected: 20.3.5.0.7 Affected: 20.6.3.0.7 Affected: 20.6.3.0.5 Affected: 20.6.3.0.10 Affected: 20.6.3.0.2 Affected: 20.7.2 Affected: 20.9.1EFT2 Affected: 20.6.3.0.11 Affected: 20.6.3.1 Affected: 20.6.3.0.14 Affected: 20.6.4 Affected: 20.9.1 Affected: 20.6.3.0.19 Affected: 20.6.3.0.18 Affected: 20.3.6 Affected: 20.9.1.1 Affected: 20.6.3.0.23 Affected: 20.6.4.0.4 Affected: 20.6.3.0.25 Affected: 20.6.5 Affected: 20.6.3.0.27 Affected: 20.9.2 Affected: 20.9.2.1 Affected: 20.6.3.0.29 Affected: 20.6.3.0.31 Affected: 20.6.3.0.32 Affected: 20.10.1 Affected: 20.6.3.0.33 Affected: 20.9.2.0.01 Affected: 20.9.1_LI_Images Affected: 20.10.1_LI_Images Affected: 20.9.2_LI_Images Affected: 20.3.7 Affected: 20.9.3 Affected: 20.6.5.1 Affected: 20.11.1 Affected: 20.11.1_LI_Images Affected: 20.9.3_LI_ Images Affected: 20.6.3.1.1 Affected: 20.9.3.0.2 Affected: 20.6.5.1.2 Affected: 20.9.3.0.3 Affected: 20.4.2.3 Affected: 20.6.3.2 Affected: 20.6.4.1 Affected: 20.6.3.0.38 Affected: 20.6.3.0.39 Affected: 20.3.5.1 Affected: 20.3.4.3 Affected: 20.9.3.1 Affected: 20.3.3.2 Affected: 20.6.5.2 Affected: 20.3.7.1 Affected: 20.10.1.1 Affected: 20.6.5.2.1 Affected: 20.3.4.0.25 Affected: 20.6.2.2.4 Affected: 20.6.1.2 Affected: 20.11.1.1 Affected: 20.9.3.0.5 Affected: 20.3.4.0.26 Affected: 20.6.5.1.3 Affected: 20.6.3.0.40 Affected: 20.1.3.1 Affected: 20.9.2.2 Affected: 20.6.5.2.3 Affected: 20.6.5.1.4 Affected: 20.6.5.3 Affected: 20.6.3.0.41 Affected: 20.9.3.0.7 Affected: 20.6.5.1.5 Affected: 20.9.3.0.4 Affected: 20.6.4.0.19 Affected: 20.6.5.1.6 Affected: 20.9.3.0.8 Affected: 20.6.3.3 Affected: 20.3.7.2 Affected: 20.6.5.4 Affected: 20.6.5.1.7 Affected: 20.9.3.0.12 Affected: 20.6.4.2 Affected: 20.6.5.5 Affected: 20.9.3.2 Affected: 20.11.1.2 Affected: 20.6.3.4 Affected: 20.10.1.2 Affected: 20.6.5.1.9 Affected: 20.9.3.0.16 Affected: 20.6.3.0.45 Affected: 20.6.5.1.10 Affected: 20.9.3.0.17 Affected: 20.6.5.2.4 Affected: 20.6.4.0.21 Affected: 20.9.3.0.18 Affected: 20.6.3.0.46 Affected: 20.6.3.0.47 Affected: 20.9.2.3 Affected: 20.9.3.2_LI_Images Affected: 20.9.3.0.21 Affected: 20.9.3.0.20 Affected: 20.9.4_LI_Images Affected: 20.9.4 Affected: 20.6.5.1.11 Affected: 20.12.1 Affected: 20.12.1_LI_Images Affected: 20.6.5.1.13 Affected: 20.9.3.0.23 Affected: 20.6.5.2.8 Affected: 20.9.4.1 Affected: 20.9.4.1_LI_Images Affected: 20.9.3.0.25 Affected: 20.9.3.0.24 Affected: 20.6.5.1.14 Affected: 20.3.8 Affected: 20.6.6 Affected: 20.9.3.0.26 Affected: 20.6.3.0.51 Affected: 20.9.3.0.29 Affected: 20.12.2 Affected: 20.12.2_LI_Images Affected: 20.6.6.0.1 Affected: 20.13.1_LI_Images Affected: 20.9.4.0.4 Affected: 20.13.1 Affected: 20.9.4.1.1 Affected: 20.9.5 Affected: 20.9.5_LI_Images Affected: 20.12.3_LI_Images Affected: 20.12.3 Affected: 20.9.4.1.3 Affected: 20.6.7 Affected: 20.9.5.1 Affected: 20.9.5.1_LI_Images Affected: 20.9.4.1.6 Affected: 20.14.1 Affected: 20.14.1_LI_Images Affected: 20.9.5.2 Affected: 20.9.5.2.1 Affected: 20.9.5.2_LI_Images Affected: 20.12.3.1 Affected: 20.12.4 Affected: 20.15.1_LI_Images Affected: 20.15.1 Affected: 20.9.5.1.4 Affected: 20.9.5.2.7 Affected: 20.9.5.2.13 Affected: 20.9.6 Affected: 20.9.6_LI_Images Affected: 20.9.5.2.14 Affected: 20.6.8 Affected: 20.12.4.0.03 Affected: 20.16.1 Affected: 20.16.1_LI_Images Affected: 20.12.4_LI_Images Affected: 20.9.5.2.16 Affected: 20.12.4.0.4 Affected: 20.12.401 Affected: 20.9.5.3 Affected: 20.9.5.3_LI_Images Affected: 20.12.4.1_LI_Images Affected: 20.12.4.1 Affected: 20.9.5.2.21 Affected: 20.9.6.0.3 Affected: 20.12.4.0.6 Affected: 20.15.2_LI_Images Affected: 20.15.2 Affected: 20.12.4_Monthly_ES5 Affected: 20.12.5 Affected: 20.12.5_LI_Images Affected: 20.9.7_LI _Images Affected: 20.9.7 Affected: 20.15.3 Affected: 20.15.3_ LI _Images Affected: 20.12.501 Affected: 20.12.5.1_LI_Images Affected: 20.12.5.1 Affected: 20.12.5.2_LI_Images Affected: 20.12.5.2 Affected: 20.15.3.1 Affected: 20.15.4_LI_Images Affected: 20.15.4 Affected: 20.9.7.1_LI _Images Affected: 20.9.7.1 Affected: 20.18.1 Affected: 20.18.1_LI_Images Affected: 20.12.6_LI_Images Affected: 20.12.6 Affected: 20.12.5.1.01 Affected: 26.0.1 Affected: 20.9.8 Affected: 20.9.8_LI_Images Affected: 20.18.2 Affected: 20.15.4.1_LI_Images Affected: 20.15.4.1 Affected: 20.18.2_LI_Images Affected: 20.18.2.1_LI_Images Affected: 20.18.2.1 Affected: 20.15.4.2_LI_Images Affected: 20.15.4.2 Affected: 20.12.6.1 Affected: 20.12.6.1_LI_Images Affected: 20.12.5.3 Affected: 20.12.5.3_LI_Images Affected: 20.9.8.2_LI_Images Affected: 20.9.8.2 Affected: 20.18.3 Affected: 20.18.3_LI_Images Affected: 20.15.5 Affected: 20.15.5_LI_Images Affected: 20.12.7 Affected: 20.12.7_LI_Images Affected: 20.9.9 Affected: 20.9.9_LI_Images Affected: 20.18.2.2 Affected: 20.18.2.2_LI_Images |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20210",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:56:12.822Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Catalyst SD-WAN Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "20.1.12"
},
{
"status": "affected",
"version": "19.2.1"
},
{
"status": "affected",
"version": "18.4.4"
},
{
"status": "affected",
"version": "18.4.5"
},
{
"status": "affected",
"version": "20.1.1.1"
},
{
"status": "affected",
"version": "20.1.1"
},
{
"status": "affected",
"version": "19.3.0"
},
{
"status": "affected",
"version": "19.2.2"
},
{
"status": "affected",
"version": "19.2.099"
},
{
"status": "affected",
"version": "18.3.6"
},
{
"status": "affected",
"version": "18.3.7"
},
{
"status": "affected",
"version": "19.2.0"
},
{
"status": "affected",
"version": "18.3.8"
},
{
"status": "affected",
"version": "19.0.0"
},
{
"status": "affected",
"version": "19.1.0"
},
{
"status": "affected",
"version": "18.4.302"
},
{
"status": "affected",
"version": "18.4.303"
},
{
"status": "affected",
"version": "19.2.097"
},
{
"status": "affected",
"version": "19.2.098"
},
{
"status": "affected",
"version": "17.2.10"
},
{
"status": "affected",
"version": "18.3.6.1"
},
{
"status": "affected",
"version": "19.0.1a"
},
{
"status": "affected",
"version": "18.2.0"
},
{
"status": "affected",
"version": "18.4.3"
},
{
"status": "affected",
"version": "18.4.1"
},
{
"status": "affected",
"version": "17.2.8"
},
{
"status": "affected",
"version": "18.3.3.1"
},
{
"status": "affected",
"version": "18.4.0"
},
{
"status": "affected",
"version": "18.3.1"
},
{
"status": "affected",
"version": "17.2.6"
},
{
"status": "affected",
"version": "17.2.9"
},
{
"status": "affected",
"version": "18.3.4"
},
{
"status": "affected",
"version": "17.2.5"
},
{
"status": "affected",
"version": "18.3.1.1"
},
{
"status": "affected",
"version": "18.3.5"
},
{
"status": "affected",
"version": "18.4.0.1"
},
{
"status": "affected",
"version": "18.3.3"
},
{
"status": "affected",
"version": "17.2.7"
},
{
"status": "affected",
"version": "17.2.4"
},
{
"status": "affected",
"version": "18.3.0"
},
{
"status": "affected",
"version": "19.2.3"
},
{
"status": "affected",
"version": "18.4.501_ES"
},
{
"status": "affected",
"version": "20.3.1"
},
{
"status": "affected",
"version": "20.1.2"
},
{
"status": "affected",
"version": "19.2.929"
},
{
"status": "affected",
"version": "19.2.31"
},
{
"status": "affected",
"version": "20.3.2"
},
{
"status": "affected",
"version": "19.2.32"
},
{
"status": "affected",
"version": "20.3.2_925"
},
{
"status": "affected",
"version": "20.3.2.1"
},
{
"status": "affected",
"version": "20.3.2.1_927"
},
{
"status": "affected",
"version": "18.4.6"
},
{
"status": "affected",
"version": "20.1.2_937"
},
{
"status": "affected",
"version": "20.4.1"
},
{
"status": "affected",
"version": "20.3.2_928"
},
{
"status": "affected",
"version": "20.3.2_929"
},
{
"status": "affected",
"version": "20.4.1.0.1"
},
{
"status": "affected",
"version": "20.3.2.1_930"
},
{
"status": "affected",
"version": "19.2.4"
},
{
"status": "affected",
"version": "20.5.0.1.1"
},
{
"status": "affected",
"version": "20.4.1.1"
},
{
"status": "affected",
"version": "20.3.3"
},
{
"status": "affected",
"version": "19.2.4.0.1"
},
{
"status": "affected",
"version": "20.3.2_937"
},
{
"status": "affected",
"version": "20.3.3.1"
},
{
"status": "affected",
"version": "20.5.1"
},
{
"status": "affected",
"version": "20.1.3"
},
{
"status": "affected",
"version": "20.3.3.0.4"
},
{
"status": "affected",
"version": "20.3.3.1.2"
},
{
"status": "affected",
"version": "20.3.3.1.1"
},
{
"status": "affected",
"version": "20.4.1.2"
},
{
"status": "affected",
"version": "20.3.3.0.2"
},
{
"status": "affected",
"version": "20.4.1.1.5"
},
{
"status": "affected",
"version": "20.4.1.0.01"
},
{
"status": "affected",
"version": "20.4.1.0.02"
},
{
"status": "affected",
"version": "20.3.3.1.7"
},
{
"status": "affected",
"version": "20.3.3.1.5"
},
{
"status": "affected",
"version": "20.5.1.0.1"
},
{
"status": "affected",
"version": "20.3.3.1.10"
},
{
"status": "affected",
"version": "20.3.3.0.8"
},
{
"status": "affected",
"version": "20.4.2"
},
{
"status": "affected",
"version": "20.4.2.0.1"
},
{
"status": "affected",
"version": "20.3.4"
},
{
"status": "affected",
"version": "20.3.3.0.14"
},
{
"status": "affected",
"version": "19.2.4.0.8"
},
{
"status": "affected",
"version": "19.2.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.1"
},
{
"status": "affected",
"version": "20.3.2.0.5"
},
{
"status": "affected",
"version": "20.6.1"
},
{
"status": "affected",
"version": "20.5.1.0.2"
},
{
"status": "affected",
"version": "20.3.3.0.17"
},
{
"status": "affected",
"version": "20.6.1.1"
},
{
"status": "affected",
"version": "20.6.0.18.3"
},
{
"status": "affected",
"version": "20.3.2.0.6"
},
{
"status": "affected",
"version": "20.6.0.18.4"
},
{
"status": "affected",
"version": "20.4.2.0.2"
},
{
"status": "affected",
"version": "20.3.3.0.16"
},
{
"status": "affected",
"version": "20.3.4.0.5"
},
{
"status": "affected",
"version": "20.6.1.0.1"
},
{
"status": "affected",
"version": "20.3.4.0.6"
},
{
"status": "affected",
"version": "20.6.2"
},
{
"status": "affected",
"version": "20.7.1EFT2"
},
{
"status": "affected",
"version": "20.3.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.11"
},
{
"status": "affected",
"version": "20.4.2.0.4"
},
{
"status": "affected",
"version": "20.3.3.0.18"
},
{
"status": "affected",
"version": "20.7.1"
},
{
"status": "affected",
"version": "20.6.2.1"
},
{
"status": "affected",
"version": "20.3.4.1"
},
{
"status": "affected",
"version": "20.5.1.1"
},
{
"status": "affected",
"version": "20.4.2.1"
},
{
"status": "affected",
"version": "20.4.2.1.1"
},
{
"status": "affected",
"version": "20.3.4.1.1"
},
{
"status": "affected",
"version": "20.3.813"
},
{
"status": "affected",
"version": "20.3.4.0.19"
},
{
"status": "affected",
"version": "20.4.2.2.1"
},
{
"status": "affected",
"version": "20.5.1.2"
},
{
"status": "affected",
"version": "20.3.4.2"
},
{
"status": "affected",
"version": "20.3.814"
},
{
"status": "affected",
"version": "20.4.2.2"
},
{
"status": "affected",
"version": "20.6.2.2"
},
{
"status": "affected",
"version": "20.3.4.2.1"
},
{
"status": "affected",
"version": "20.7.1.1"
},
{
"status": "affected",
"version": "20.3.4.1.2"
},
{
"status": "affected",
"version": "20.6.2.2.2"
},
{
"status": "affected",
"version": "20.3.4.0.20"
},
{
"status": "affected",
"version": "20.6.2.2.3"
},
{
"status": "affected",
"version": "20.4.2.2.2"
},
{
"status": "affected",
"version": "20.3.5"
},
{
"status": "affected",
"version": "20.6.2.0.4"
},
{
"status": "affected",
"version": "20.4.2.2.3"
},
{
"status": "affected",
"version": "20.3.4.0.24"
},
{
"status": "affected",
"version": "20.6.2.2.7"
},
{
"status": "affected",
"version": "20.6.3"
},
{
"status": "affected",
"version": "20.3.4.2.2"
},
{
"status": "affected",
"version": "20.4.2.2.4"
},
{
"status": "affected",
"version": "20.7.1.0.2"
},
{
"status": "affected",
"version": "20.8.1"
},
{
"status": "affected",
"version": "20.3.5.0.8"
},
{
"status": "affected",
"version": "20.3.5.0.9"
},
{
"status": "affected",
"version": "20.4.2.2.8"
},
{
"status": "affected",
"version": "20.3.5.0.7"
},
{
"status": "affected",
"version": "20.6.3.0.7"
},
{
"status": "affected",
"version": "20.6.3.0.5"
},
{
"status": "affected",
"version": "20.6.3.0.10"
},
{
"status": "affected",
"version": "20.6.3.0.2"
},
{
"status": "affected",
"version": "20.7.2"
},
{
"status": "affected",
"version": "20.9.1EFT2"
},
{
"status": "affected",
"version": "20.6.3.0.11"
},
{
"status": "affected",
"version": "20.6.3.1"
},
{
"status": "affected",
"version": "20.6.3.0.14"
},
{
"status": "affected",
"version": "20.6.4"
},
{
"status": "affected",
"version": "20.9.1"
},
{
"status": "affected",
"version": "20.6.3.0.19"
},
{
"status": "affected",
"version": "20.6.3.0.18"
},
{
"status": "affected",
"version": "20.3.6"
},
{
"status": "affected",
"version": "20.9.1.1"
},
{
"status": "affected",
"version": "20.6.3.0.23"
},
{
"status": "affected",
"version": "20.6.4.0.4"
},
{
"status": "affected",
"version": "20.6.3.0.25"
},
{
"status": "affected",
"version": "20.6.5"
},
{
"status": "affected",
"version": "20.6.3.0.27"
},
{
"status": "affected",
"version": "20.9.2"
},
{
"status": "affected",
"version": "20.9.2.1"
},
{
"status": "affected",
"version": "20.6.3.0.29"
},
{
"status": "affected",
"version": "20.6.3.0.31"
},
{
"status": "affected",
"version": "20.6.3.0.32"
},
{
"status": "affected",
"version": "20.10.1"
},
{
"status": "affected",
"version": "20.6.3.0.33"
},
{
"status": "affected",
"version": "20.9.2.0.01"
},
{
"status": "affected",
"version": "20.9.1_LI_Images"
},
{
"status": "affected",
"version": "20.10.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.2_LI_Images"
},
{
"status": "affected",
"version": "20.3.7"
},
{
"status": "affected",
"version": "20.9.3"
},
{
"status": "affected",
"version": "20.6.5.1"
},
{
"status": "affected",
"version": "20.11.1"
},
{
"status": "affected",
"version": "20.11.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.3_LI_ Images"
},
{
"status": "affected",
"version": "20.6.3.1.1"
},
{
"status": "affected",
"version": "20.9.3.0.2"
},
{
"status": "affected",
"version": "20.6.5.1.2"
},
{
"status": "affected",
"version": "20.9.3.0.3"
},
{
"status": "affected",
"version": "20.4.2.3"
},
{
"status": "affected",
"version": "20.6.3.2"
},
{
"status": "affected",
"version": "20.6.4.1"
},
{
"status": "affected",
"version": "20.6.3.0.38"
},
{
"status": "affected",
"version": "20.6.3.0.39"
},
{
"status": "affected",
"version": "20.3.5.1"
},
{
"status": "affected",
"version": "20.3.4.3"
},
{
"status": "affected",
"version": "20.9.3.1"
},
{
"status": "affected",
"version": "20.3.3.2"
},
{
"status": "affected",
"version": "20.6.5.2"
},
{
"status": "affected",
"version": "20.3.7.1"
},
{
"status": "affected",
"version": "20.10.1.1"
},
{
"status": "affected",
"version": "20.6.5.2.1"
},
{
"status": "affected",
"version": "20.3.4.0.25"
},
{
"status": "affected",
"version": "20.6.2.2.4"
},
{
"status": "affected",
"version": "20.6.1.2"
},
{
"status": "affected",
"version": "20.11.1.1"
},
{
"status": "affected",
"version": "20.9.3.0.5"
},
{
"status": "affected",
"version": "20.3.4.0.26"
},
{
"status": "affected",
"version": "20.6.5.1.3"
},
{
"status": "affected",
"version": "20.6.3.0.40"
},
{
"status": "affected",
"version": "20.1.3.1"
},
{
"status": "affected",
"version": "20.9.2.2"
},
{
"status": "affected",
"version": "20.6.5.2.3"
},
{
"status": "affected",
"version": "20.6.5.1.4"
},
{
"status": "affected",
"version": "20.6.5.3"
},
{
"status": "affected",
"version": "20.6.3.0.41"
},
{
"status": "affected",
"version": "20.9.3.0.7"
},
{
"status": "affected",
"version": "20.6.5.1.5"
},
{
"status": "affected",
"version": "20.9.3.0.4"
},
{
"status": "affected",
"version": "20.6.4.0.19"
},
{
"status": "affected",
"version": "20.6.5.1.6"
},
{
"status": "affected",
"version": "20.9.3.0.8"
},
{
"status": "affected",
"version": "20.6.3.3"
},
{
"status": "affected",
"version": "20.3.7.2"
},
{
"status": "affected",
"version": "20.6.5.4"
},
{
"status": "affected",
"version": "20.6.5.1.7"
},
{
"status": "affected",
"version": "20.9.3.0.12"
},
{
"status": "affected",
"version": "20.6.4.2"
},
{
"status": "affected",
"version": "20.6.5.5"
},
{
"status": "affected",
"version": "20.9.3.2"
},
{
"status": "affected",
"version": "20.11.1.2"
},
{
"status": "affected",
"version": "20.6.3.4"
},
{
"status": "affected",
"version": "20.10.1.2"
},
{
"status": "affected",
"version": "20.6.5.1.9"
},
{
"status": "affected",
"version": "20.9.3.0.16"
},
{
"status": "affected",
"version": "20.6.3.0.45"
},
{
"status": "affected",
"version": "20.6.5.1.10"
},
{
"status": "affected",
"version": "20.9.3.0.17"
},
{
"status": "affected",
"version": "20.6.5.2.4"
},
{
"status": "affected",
"version": "20.6.4.0.21"
},
{
"status": "affected",
"version": "20.9.3.0.18"
},
{
"status": "affected",
"version": "20.6.3.0.46"
},
{
"status": "affected",
"version": "20.6.3.0.47"
},
{
"status": "affected",
"version": "20.9.2.3"
},
{
"status": "affected",
"version": "20.9.3.2_LI_Images"
},
{
"status": "affected",
"version": "20.9.3.0.21"
},
{
"status": "affected",
"version": "20.9.3.0.20"
},
{
"status": "affected",
"version": "20.9.4_LI_Images"
},
{
"status": "affected",
"version": "20.9.4"
},
{
"status": "affected",
"version": "20.6.5.1.11"
},
{
"status": "affected",
"version": "20.12.1"
},
{
"status": "affected",
"version": "20.12.1_LI_Images"
},
{
"status": "affected",
"version": "20.6.5.1.13"
},
{
"status": "affected",
"version": "20.9.3.0.23"
},
{
"status": "affected",
"version": "20.6.5.2.8"
},
{
"status": "affected",
"version": "20.9.4.1"
},
{
"status": "affected",
"version": "20.9.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.3.0.25"
},
{
"status": "affected",
"version": "20.9.3.0.24"
},
{
"status": "affected",
"version": "20.6.5.1.14"
},
{
"status": "affected",
"version": "20.3.8"
},
{
"status": "affected",
"version": "20.6.6"
},
{
"status": "affected",
"version": "20.9.3.0.26"
},
{
"status": "affected",
"version": "20.6.3.0.51"
},
{
"status": "affected",
"version": "20.9.3.0.29"
},
{
"status": "affected",
"version": "20.12.2"
},
{
"status": "affected",
"version": "20.12.2_LI_Images"
},
{
"status": "affected",
"version": "20.6.6.0.1"
},
{
"status": "affected",
"version": "20.13.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.4.0.4"
},
{
"status": "affected",
"version": "20.13.1"
},
{
"status": "affected",
"version": "20.9.4.1.1"
},
{
"status": "affected",
"version": "20.9.5"
},
{
"status": "affected",
"version": "20.9.5_LI_Images"
},
{
"status": "affected",
"version": "20.12.3_LI_Images"
},
{
"status": "affected",
"version": "20.12.3"
},
{
"status": "affected",
"version": "20.9.4.1.3"
},
{
"status": "affected",
"version": "20.6.7"
},
{
"status": "affected",
"version": "20.9.5.1"
},
{
"status": "affected",
"version": "20.9.5.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.4.1.6"
},
{
"status": "affected",
"version": "20.14.1"
},
{
"status": "affected",
"version": "20.14.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2"
},
{
"status": "affected",
"version": "20.9.5.2.1"
},
{
"status": "affected",
"version": "20.9.5.2_LI_Images"
},
{
"status": "affected",
"version": "20.12.3.1"
},
{
"status": "affected",
"version": "20.12.4"
},
{
"status": "affected",
"version": "20.15.1_LI_Images"
},
{
"status": "affected",
"version": "20.15.1"
},
{
"status": "affected",
"version": "20.9.5.1.4"
},
{
"status": "affected",
"version": "20.9.5.2.7"
},
{
"status": "affected",
"version": "20.9.5.2.13"
},
{
"status": "affected",
"version": "20.9.6"
},
{
"status": "affected",
"version": "20.9.6_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2.14"
},
{
"status": "affected",
"version": "20.6.8"
},
{
"status": "affected",
"version": "20.12.4.0.03"
},
{
"status": "affected",
"version": "20.16.1"
},
{
"status": "affected",
"version": "20.16.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.4_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2.16"
},
{
"status": "affected",
"version": "20.12.4.0.4"
},
{
"status": "affected",
"version": "20.12.401"
},
{
"status": "affected",
"version": "20.9.5.3"
},
{
"status": "affected",
"version": "20.9.5.3_LI_Images"
},
{
"status": "affected",
"version": "20.12.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.4.1"
},
{
"status": "affected",
"version": "20.9.5.2.21"
},
{
"status": "affected",
"version": "20.9.6.0.3"
},
{
"status": "affected",
"version": "20.12.4.0.6"
},
{
"status": "affected",
"version": "20.15.2_LI_Images"
},
{
"status": "affected",
"version": "20.15.2"
},
{
"status": "affected",
"version": "20.12.4_Monthly_ES5"
},
{
"status": "affected",
"version": "20.12.5"
},
{
"status": "affected",
"version": "20.12.5_LI_Images"
},
{
"status": "affected",
"version": "20.9.7_LI _Images"
},
{
"status": "affected",
"version": "20.9.7"
},
{
"status": "affected",
"version": "20.15.3"
},
{
"status": "affected",
"version": "20.15.3_ LI _Images"
},
{
"status": "affected",
"version": "20.12.501"
},
{
"status": "affected",
"version": "20.12.5.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.5.1"
},
{
"status": "affected",
"version": "20.12.5.2_LI_Images"
},
{
"status": "affected",
"version": "20.12.5.2"
},
{
"status": "affected",
"version": "20.15.3.1"
},
{
"status": "affected",
"version": "20.15.4_LI_Images"
},
{
"status": "affected",
"version": "20.15.4"
},
{
"status": "affected",
"version": "20.9.7.1_LI _Images"
},
{
"status": "affected",
"version": "20.9.7.1"
},
{
"status": "affected",
"version": "20.18.1"
},
{
"status": "affected",
"version": "20.18.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.6_LI_Images"
},
{
"status": "affected",
"version": "20.12.6"
},
{
"status": "affected",
"version": "20.12.5.1.01"
},
{
"status": "affected",
"version": "26.0.1"
},
{
"status": "affected",
"version": "20.9.8"
},
{
"status": "affected",
"version": "20.9.8_LI_Images"
},
{
"status": "affected",
"version": "20.18.2"
},
{
"status": "affected",
"version": "20.15.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.15.4.1"
},
{
"status": "affected",
"version": "20.18.2_LI_Images"
},
{
"status": "affected",
"version": "20.18.2.1_LI_Images"
},
{
"status": "affected",
"version": "20.18.2.1"
},
{
"status": "affected",
"version": "20.15.4.2_LI_Images"
},
{
"status": "affected",
"version": "20.15.4.2"
},
{
"status": "affected",
"version": "20.12.6.1"
},
{
"status": "affected",
"version": "20.12.6.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.5.3"
},
{
"status": "affected",
"version": "20.12.5.3_LI_Images"
},
{
"status": "affected",
"version": "20.9.8.2_LI_Images"
},
{
"status": "affected",
"version": "20.9.8.2"
},
{
"status": "affected",
"version": "20.18.3"
},
{
"status": "affected",
"version": "20.18.3_LI_Images"
},
{
"status": "affected",
"version": "20.15.5"
},
{
"status": "affected",
"version": "20.15.5_LI_Images"
},
{
"status": "affected",
"version": "20.12.7"
},
{
"status": "affected",
"version": "20.12.7_LI_Images"
},
{
"status": "affected",
"version": "20.9.9"
},
{
"status": "affected",
"version": "20.9.9_LI_Images"
},
{
"status": "affected",
"version": "20.18.2.2"
},
{
"status": "affected",
"version": "20.18.2.2_LI_Images"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system.\r\n\r\nThis vulnerability exists because of a failure to redact sensitive information within device configurations and templates. An attacker could exploit this vulnerability by elevating their read-only permissions to those of a high-privileged user. A successful exploit could allow the attacker to access or modify configuration settings within Cisco Catalyst SD-WAN Manager as a high-privileged user."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-779",
"description": "Logging of Excessive Data",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T16:08:46.451Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sdwan-mltvnps2-JxpWm7R",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-mltvnps2-JxpWm7R"
},
{
"name": "Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability\u003c/a\u003e was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The \u003ca href=\"#IOC\"\u003eIndicators of Compromise",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk"
}
],
"source": {
"advisory": "cisco-sa-sdwan-mltvnps2-JxpWm7R",
"defects": [
"CSCwt38767"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20210",
"datePublished": "2026-05-14T16:08:46.451Z",
"dateReserved": "2025-10-08T11:59:15.398Z",
"dateUpdated": "2026-05-15T03:56:12.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20209 (GCVE-0-2026-20209)
Vulnerability from cvelistv5 – Published: 2026-05-14 16:08 – Updated: 2026-05-15 03:56
VLAI
Title
Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability
Summary
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to elevate their privileges from low to high and perform actions as a high-privileged user.
This vulnerability exists because sensitive session information is recorded in audit logs. An attacker could exploit this vulnerability by elevating their read-only permissions in Cisco Catalyst SD-WAN Manager to those of a high-privileged user. A successful exploit could allow the attacker to perform actions as a high-privileged user.
Severity
5.4 (Medium)
CWE
- CWE-779 - Logging of Excessive Data
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Catalyst SD-WAN Manager |
Affected:
20.1.12
Affected: 19.2.1 Affected: 18.4.4 Affected: 18.4.5 Affected: 20.1.1.1 Affected: 20.1.1 Affected: 19.3.0 Affected: 19.2.2 Affected: 19.2.099 Affected: 18.3.6 Affected: 18.3.7 Affected: 19.2.0 Affected: 18.3.8 Affected: 19.0.0 Affected: 19.1.0 Affected: 18.4.302 Affected: 18.4.303 Affected: 19.2.097 Affected: 19.2.098 Affected: 17.2.10 Affected: 18.3.6.1 Affected: 19.0.1a Affected: 18.2.0 Affected: 18.4.3 Affected: 18.4.1 Affected: 17.2.8 Affected: 18.3.3.1 Affected: 18.4.0 Affected: 18.3.1 Affected: 17.2.6 Affected: 17.2.9 Affected: 18.3.4 Affected: 17.2.5 Affected: 18.3.1.1 Affected: 18.3.5 Affected: 18.4.0.1 Affected: 18.3.3 Affected: 17.2.7 Affected: 17.2.4 Affected: 18.3.0 Affected: 19.2.3 Affected: 18.4.501_ES Affected: 20.3.1 Affected: 20.1.2 Affected: 19.2.929 Affected: 19.2.31 Affected: 20.3.2 Affected: 19.2.32 Affected: 20.3.2_925 Affected: 20.3.2.1 Affected: 20.3.2.1_927 Affected: 18.4.6 Affected: 20.1.2_937 Affected: 20.4.1 Affected: 20.3.2_928 Affected: 20.3.2_929 Affected: 20.4.1.0.1 Affected: 20.3.2.1_930 Affected: 19.2.4 Affected: 20.5.0.1.1 Affected: 20.4.1.1 Affected: 20.3.3 Affected: 19.2.4.0.1 Affected: 20.3.2_937 Affected: 20.3.3.1 Affected: 20.5.1 Affected: 20.1.3 Affected: 20.3.3.0.4 Affected: 20.3.3.1.2 Affected: 20.3.3.1.1 Affected: 20.4.1.2 Affected: 20.3.3.0.2 Affected: 20.4.1.1.5 Affected: 20.4.1.0.01 Affected: 20.4.1.0.02 Affected: 20.3.3.1.7 Affected: 20.3.3.1.5 Affected: 20.5.1.0.1 Affected: 20.3.3.1.10 Affected: 20.3.3.0.8 Affected: 20.4.2 Affected: 20.4.2.0.1 Affected: 20.3.4 Affected: 20.3.3.0.14 Affected: 19.2.4.0.8 Affected: 19.2.4.0.9 Affected: 20.3.4.0.1 Affected: 20.3.2.0.5 Affected: 20.6.1 Affected: 20.5.1.0.2 Affected: 20.3.3.0.17 Affected: 20.6.1.1 Affected: 20.6.0.18.3 Affected: 20.3.2.0.6 Affected: 20.6.0.18.4 Affected: 20.4.2.0.2 Affected: 20.3.3.0.16 Affected: 20.3.4.0.5 Affected: 20.6.1.0.1 Affected: 20.3.4.0.6 Affected: 20.6.2 Affected: 20.7.1EFT2 Affected: 20.3.4.0.9 Affected: 20.3.4.0.11 Affected: 20.4.2.0.4 Affected: 20.3.3.0.18 Affected: 20.7.1 Affected: 20.6.2.1 Affected: 20.3.4.1 Affected: 20.5.1.1 Affected: 20.4.2.1 Affected: 20.4.2.1.1 Affected: 20.3.4.1.1 Affected: 20.3.813 Affected: 20.3.4.0.19 Affected: 20.4.2.2.1 Affected: 20.5.1.2 Affected: 20.3.4.2 Affected: 20.3.814 Affected: 20.4.2.2 Affected: 20.6.2.2 Affected: 20.3.4.2.1 Affected: 20.7.1.1 Affected: 20.3.4.1.2 Affected: 20.6.2.2.2 Affected: 20.3.4.0.20 Affected: 20.6.2.2.3 Affected: 20.4.2.2.2 Affected: 20.3.5 Affected: 20.6.2.0.4 Affected: 20.4.2.2.3 Affected: 20.3.4.0.24 Affected: 20.6.2.2.7 Affected: 20.6.3 Affected: 20.3.4.2.2 Affected: 20.4.2.2.4 Affected: 20.7.1.0.2 Affected: 20.8.1 Affected: 20.3.5.0.8 Affected: 20.3.5.0.9 Affected: 20.4.2.2.8 Affected: 20.3.5.0.7 Affected: 20.6.3.0.7 Affected: 20.6.3.0.5 Affected: 20.6.3.0.10 Affected: 20.6.3.0.2 Affected: 20.7.2 Affected: 20.9.1EFT2 Affected: 20.6.3.0.11 Affected: 20.6.3.1 Affected: 20.6.3.0.14 Affected: 20.6.4 Affected: 20.9.1 Affected: 20.6.3.0.19 Affected: 20.6.3.0.18 Affected: 20.3.6 Affected: 20.9.1.1 Affected: 20.6.3.0.23 Affected: 20.6.4.0.4 Affected: 20.6.3.0.25 Affected: 20.6.5 Affected: 20.6.3.0.27 Affected: 20.9.2 Affected: 20.9.2.1 Affected: 20.6.3.0.29 Affected: 20.6.3.0.31 Affected: 20.6.3.0.32 Affected: 20.10.1 Affected: 20.6.3.0.33 Affected: 20.9.2.0.01 Affected: 20.9.1_LI_Images Affected: 20.10.1_LI_Images Affected: 20.9.2_LI_Images Affected: 20.3.7 Affected: 20.9.3 Affected: 20.6.5.1 Affected: 20.11.1 Affected: 20.11.1_LI_Images Affected: 20.9.3_LI_ Images Affected: 20.6.3.1.1 Affected: 20.9.3.0.2 Affected: 20.6.5.1.2 Affected: 20.9.3.0.3 Affected: 20.4.2.3 Affected: 20.6.3.2 Affected: 20.6.4.1 Affected: 20.6.3.0.38 Affected: 20.6.3.0.39 Affected: 20.3.5.1 Affected: 20.3.4.3 Affected: 20.9.3.1 Affected: 20.3.3.2 Affected: 20.6.5.2 Affected: 20.3.7.1 Affected: 20.10.1.1 Affected: 20.6.5.2.1 Affected: 20.3.4.0.25 Affected: 20.6.2.2.4 Affected: 20.6.1.2 Affected: 20.11.1.1 Affected: 20.9.3.0.5 Affected: 20.3.4.0.26 Affected: 20.6.5.1.3 Affected: 20.6.3.0.40 Affected: 20.1.3.1 Affected: 20.9.2.2 Affected: 20.6.5.2.3 Affected: 20.6.5.1.4 Affected: 20.6.5.3 Affected: 20.6.3.0.41 Affected: 20.9.3.0.7 Affected: 20.6.5.1.5 Affected: 20.9.3.0.4 Affected: 20.6.4.0.19 Affected: 20.6.5.1.6 Affected: 20.9.3.0.8 Affected: 20.6.3.3 Affected: 20.3.7.2 Affected: 20.6.5.4 Affected: 20.6.5.1.7 Affected: 20.9.3.0.12 Affected: 20.6.4.2 Affected: 20.6.5.5 Affected: 20.9.3.2 Affected: 20.11.1.2 Affected: 20.6.3.4 Affected: 20.10.1.2 Affected: 20.6.5.1.9 Affected: 20.9.3.0.16 Affected: 20.6.3.0.45 Affected: 20.6.5.1.10 Affected: 20.9.3.0.17 Affected: 20.6.5.2.4 Affected: 20.6.4.0.21 Affected: 20.9.3.0.18 Affected: 20.6.3.0.46 Affected: 20.6.3.0.47 Affected: 20.9.2.3 Affected: 20.9.3.2_LI_Images Affected: 20.9.3.0.21 Affected: 20.9.3.0.20 Affected: 20.9.4_LI_Images Affected: 20.9.4 Affected: 20.6.5.1.11 Affected: 20.12.1 Affected: 20.12.1_LI_Images Affected: 20.6.5.1.13 Affected: 20.9.3.0.23 Affected: 20.6.5.2.8 Affected: 20.9.4.1 Affected: 20.9.4.1_LI_Images Affected: 20.9.3.0.25 Affected: 20.9.3.0.24 Affected: 20.6.5.1.14 Affected: 20.3.8 Affected: 20.6.6 Affected: 20.9.3.0.26 Affected: 20.6.3.0.51 Affected: 20.9.3.0.29 Affected: 20.12.2 Affected: 20.12.2_LI_Images Affected: 20.6.6.0.1 Affected: 20.13.1_LI_Images Affected: 20.9.4.0.4 Affected: 20.13.1 Affected: 20.9.4.1.1 Affected: 20.9.5 Affected: 20.9.5_LI_Images Affected: 20.12.3_LI_Images Affected: 20.12.3 Affected: 20.9.4.1.3 Affected: 20.6.7 Affected: 20.9.5.1 Affected: 20.9.5.1_LI_Images Affected: 20.9.4.1.6 Affected: 20.14.1 Affected: 20.14.1_LI_Images Affected: 20.9.5.2 Affected: 20.9.5.2.1 Affected: 20.9.5.2_LI_Images Affected: 20.12.3.1 Affected: 20.12.4 Affected: 20.15.1_LI_Images Affected: 20.15.1 Affected: 20.9.5.1.4 Affected: 20.9.5.2.7 Affected: 20.9.5.2.13 Affected: 20.9.6 Affected: 20.9.6_LI_Images Affected: 20.9.5.2.14 Affected: 20.6.8 Affected: 20.12.4.0.03 Affected: 20.16.1 Affected: 20.16.1_LI_Images Affected: 20.12.4_LI_Images Affected: 20.9.5.2.16 Affected: 20.12.4.0.4 Affected: 20.12.401 Affected: 20.9.5.3 Affected: 20.9.5.3_LI_Images Affected: 20.12.4.1_LI_Images Affected: 20.12.4.1 Affected: 20.9.5.2.21 Affected: 20.9.6.0.3 Affected: 20.12.4.0.6 Affected: 20.15.2_LI_Images Affected: 20.15.2 Affected: 20.12.4_Monthly_ES5 Affected: 20.12.5 Affected: 20.12.5_LI_Images Affected: 20.9.7_LI _Images Affected: 20.9.7 Affected: 20.15.3 Affected: 20.15.3_ LI _Images Affected: 20.12.501 Affected: 20.12.5.1_LI_Images Affected: 20.12.5.1 Affected: 20.12.5.2_LI_Images Affected: 20.12.5.2 Affected: 20.15.3.1 Affected: 20.15.4_LI_Images Affected: 20.15.4 Affected: 20.9.7.1_LI _Images Affected: 20.9.7.1 Affected: 20.18.1 Affected: 20.18.1_LI_Images Affected: 20.12.6_LI_Images Affected: 20.12.6 Affected: 20.12.5.1.01 Affected: 26.0.1 Affected: 20.9.8 Affected: 20.9.8_LI_Images Affected: 20.18.2 Affected: 20.15.4.1_LI_Images Affected: 20.15.4.1 Affected: 20.18.2_LI_Images Affected: 20.18.2.1_LI_Images Affected: 20.18.2.1 Affected: 20.15.4.2_LI_Images Affected: 20.15.4.2 Affected: 20.12.6.1 Affected: 20.12.6.1_LI_Images Affected: 20.12.5.3 Affected: 20.12.5.3_LI_Images Affected: 20.9.8.2_LI_Images Affected: 20.9.8.2 Affected: 20.18.3 Affected: 20.18.3_LI_Images Affected: 20.15.5 Affected: 20.15.5_LI_Images Affected: 20.12.7 Affected: 20.12.7_LI_Images Affected: 20.9.9 Affected: 20.9.9_LI_Images |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20209",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:56:13.953Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Catalyst SD-WAN Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "20.1.12"
},
{
"status": "affected",
"version": "19.2.1"
},
{
"status": "affected",
"version": "18.4.4"
},
{
"status": "affected",
"version": "18.4.5"
},
{
"status": "affected",
"version": "20.1.1.1"
},
{
"status": "affected",
"version": "20.1.1"
},
{
"status": "affected",
"version": "19.3.0"
},
{
"status": "affected",
"version": "19.2.2"
},
{
"status": "affected",
"version": "19.2.099"
},
{
"status": "affected",
"version": "18.3.6"
},
{
"status": "affected",
"version": "18.3.7"
},
{
"status": "affected",
"version": "19.2.0"
},
{
"status": "affected",
"version": "18.3.8"
},
{
"status": "affected",
"version": "19.0.0"
},
{
"status": "affected",
"version": "19.1.0"
},
{
"status": "affected",
"version": "18.4.302"
},
{
"status": "affected",
"version": "18.4.303"
},
{
"status": "affected",
"version": "19.2.097"
},
{
"status": "affected",
"version": "19.2.098"
},
{
"status": "affected",
"version": "17.2.10"
},
{
"status": "affected",
"version": "18.3.6.1"
},
{
"status": "affected",
"version": "19.0.1a"
},
{
"status": "affected",
"version": "18.2.0"
},
{
"status": "affected",
"version": "18.4.3"
},
{
"status": "affected",
"version": "18.4.1"
},
{
"status": "affected",
"version": "17.2.8"
},
{
"status": "affected",
"version": "18.3.3.1"
},
{
"status": "affected",
"version": "18.4.0"
},
{
"status": "affected",
"version": "18.3.1"
},
{
"status": "affected",
"version": "17.2.6"
},
{
"status": "affected",
"version": "17.2.9"
},
{
"status": "affected",
"version": "18.3.4"
},
{
"status": "affected",
"version": "17.2.5"
},
{
"status": "affected",
"version": "18.3.1.1"
},
{
"status": "affected",
"version": "18.3.5"
},
{
"status": "affected",
"version": "18.4.0.1"
},
{
"status": "affected",
"version": "18.3.3"
},
{
"status": "affected",
"version": "17.2.7"
},
{
"status": "affected",
"version": "17.2.4"
},
{
"status": "affected",
"version": "18.3.0"
},
{
"status": "affected",
"version": "19.2.3"
},
{
"status": "affected",
"version": "18.4.501_ES"
},
{
"status": "affected",
"version": "20.3.1"
},
{
"status": "affected",
"version": "20.1.2"
},
{
"status": "affected",
"version": "19.2.929"
},
{
"status": "affected",
"version": "19.2.31"
},
{
"status": "affected",
"version": "20.3.2"
},
{
"status": "affected",
"version": "19.2.32"
},
{
"status": "affected",
"version": "20.3.2_925"
},
{
"status": "affected",
"version": "20.3.2.1"
},
{
"status": "affected",
"version": "20.3.2.1_927"
},
{
"status": "affected",
"version": "18.4.6"
},
{
"status": "affected",
"version": "20.1.2_937"
},
{
"status": "affected",
"version": "20.4.1"
},
{
"status": "affected",
"version": "20.3.2_928"
},
{
"status": "affected",
"version": "20.3.2_929"
},
{
"status": "affected",
"version": "20.4.1.0.1"
},
{
"status": "affected",
"version": "20.3.2.1_930"
},
{
"status": "affected",
"version": "19.2.4"
},
{
"status": "affected",
"version": "20.5.0.1.1"
},
{
"status": "affected",
"version": "20.4.1.1"
},
{
"status": "affected",
"version": "20.3.3"
},
{
"status": "affected",
"version": "19.2.4.0.1"
},
{
"status": "affected",
"version": "20.3.2_937"
},
{
"status": "affected",
"version": "20.3.3.1"
},
{
"status": "affected",
"version": "20.5.1"
},
{
"status": "affected",
"version": "20.1.3"
},
{
"status": "affected",
"version": "20.3.3.0.4"
},
{
"status": "affected",
"version": "20.3.3.1.2"
},
{
"status": "affected",
"version": "20.3.3.1.1"
},
{
"status": "affected",
"version": "20.4.1.2"
},
{
"status": "affected",
"version": "20.3.3.0.2"
},
{
"status": "affected",
"version": "20.4.1.1.5"
},
{
"status": "affected",
"version": "20.4.1.0.01"
},
{
"status": "affected",
"version": "20.4.1.0.02"
},
{
"status": "affected",
"version": "20.3.3.1.7"
},
{
"status": "affected",
"version": "20.3.3.1.5"
},
{
"status": "affected",
"version": "20.5.1.0.1"
},
{
"status": "affected",
"version": "20.3.3.1.10"
},
{
"status": "affected",
"version": "20.3.3.0.8"
},
{
"status": "affected",
"version": "20.4.2"
},
{
"status": "affected",
"version": "20.4.2.0.1"
},
{
"status": "affected",
"version": "20.3.4"
},
{
"status": "affected",
"version": "20.3.3.0.14"
},
{
"status": "affected",
"version": "19.2.4.0.8"
},
{
"status": "affected",
"version": "19.2.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.1"
},
{
"status": "affected",
"version": "20.3.2.0.5"
},
{
"status": "affected",
"version": "20.6.1"
},
{
"status": "affected",
"version": "20.5.1.0.2"
},
{
"status": "affected",
"version": "20.3.3.0.17"
},
{
"status": "affected",
"version": "20.6.1.1"
},
{
"status": "affected",
"version": "20.6.0.18.3"
},
{
"status": "affected",
"version": "20.3.2.0.6"
},
{
"status": "affected",
"version": "20.6.0.18.4"
},
{
"status": "affected",
"version": "20.4.2.0.2"
},
{
"status": "affected",
"version": "20.3.3.0.16"
},
{
"status": "affected",
"version": "20.3.4.0.5"
},
{
"status": "affected",
"version": "20.6.1.0.1"
},
{
"status": "affected",
"version": "20.3.4.0.6"
},
{
"status": "affected",
"version": "20.6.2"
},
{
"status": "affected",
"version": "20.7.1EFT2"
},
{
"status": "affected",
"version": "20.3.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.11"
},
{
"status": "affected",
"version": "20.4.2.0.4"
},
{
"status": "affected",
"version": "20.3.3.0.18"
},
{
"status": "affected",
"version": "20.7.1"
},
{
"status": "affected",
"version": "20.6.2.1"
},
{
"status": "affected",
"version": "20.3.4.1"
},
{
"status": "affected",
"version": "20.5.1.1"
},
{
"status": "affected",
"version": "20.4.2.1"
},
{
"status": "affected",
"version": "20.4.2.1.1"
},
{
"status": "affected",
"version": "20.3.4.1.1"
},
{
"status": "affected",
"version": "20.3.813"
},
{
"status": "affected",
"version": "20.3.4.0.19"
},
{
"status": "affected",
"version": "20.4.2.2.1"
},
{
"status": "affected",
"version": "20.5.1.2"
},
{
"status": "affected",
"version": "20.3.4.2"
},
{
"status": "affected",
"version": "20.3.814"
},
{
"status": "affected",
"version": "20.4.2.2"
},
{
"status": "affected",
"version": "20.6.2.2"
},
{
"status": "affected",
"version": "20.3.4.2.1"
},
{
"status": "affected",
"version": "20.7.1.1"
},
{
"status": "affected",
"version": "20.3.4.1.2"
},
{
"status": "affected",
"version": "20.6.2.2.2"
},
{
"status": "affected",
"version": "20.3.4.0.20"
},
{
"status": "affected",
"version": "20.6.2.2.3"
},
{
"status": "affected",
"version": "20.4.2.2.2"
},
{
"status": "affected",
"version": "20.3.5"
},
{
"status": "affected",
"version": "20.6.2.0.4"
},
{
"status": "affected",
"version": "20.4.2.2.3"
},
{
"status": "affected",
"version": "20.3.4.0.24"
},
{
"status": "affected",
"version": "20.6.2.2.7"
},
{
"status": "affected",
"version": "20.6.3"
},
{
"status": "affected",
"version": "20.3.4.2.2"
},
{
"status": "affected",
"version": "20.4.2.2.4"
},
{
"status": "affected",
"version": "20.7.1.0.2"
},
{
"status": "affected",
"version": "20.8.1"
},
{
"status": "affected",
"version": "20.3.5.0.8"
},
{
"status": "affected",
"version": "20.3.5.0.9"
},
{
"status": "affected",
"version": "20.4.2.2.8"
},
{
"status": "affected",
"version": "20.3.5.0.7"
},
{
"status": "affected",
"version": "20.6.3.0.7"
},
{
"status": "affected",
"version": "20.6.3.0.5"
},
{
"status": "affected",
"version": "20.6.3.0.10"
},
{
"status": "affected",
"version": "20.6.3.0.2"
},
{
"status": "affected",
"version": "20.7.2"
},
{
"status": "affected",
"version": "20.9.1EFT2"
},
{
"status": "affected",
"version": "20.6.3.0.11"
},
{
"status": "affected",
"version": "20.6.3.1"
},
{
"status": "affected",
"version": "20.6.3.0.14"
},
{
"status": "affected",
"version": "20.6.4"
},
{
"status": "affected",
"version": "20.9.1"
},
{
"status": "affected",
"version": "20.6.3.0.19"
},
{
"status": "affected",
"version": "20.6.3.0.18"
},
{
"status": "affected",
"version": "20.3.6"
},
{
"status": "affected",
"version": "20.9.1.1"
},
{
"status": "affected",
"version": "20.6.3.0.23"
},
{
"status": "affected",
"version": "20.6.4.0.4"
},
{
"status": "affected",
"version": "20.6.3.0.25"
},
{
"status": "affected",
"version": "20.6.5"
},
{
"status": "affected",
"version": "20.6.3.0.27"
},
{
"status": "affected",
"version": "20.9.2"
},
{
"status": "affected",
"version": "20.9.2.1"
},
{
"status": "affected",
"version": "20.6.3.0.29"
},
{
"status": "affected",
"version": "20.6.3.0.31"
},
{
"status": "affected",
"version": "20.6.3.0.32"
},
{
"status": "affected",
"version": "20.10.1"
},
{
"status": "affected",
"version": "20.6.3.0.33"
},
{
"status": "affected",
"version": "20.9.2.0.01"
},
{
"status": "affected",
"version": "20.9.1_LI_Images"
},
{
"status": "affected",
"version": "20.10.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.2_LI_Images"
},
{
"status": "affected",
"version": "20.3.7"
},
{
"status": "affected",
"version": "20.9.3"
},
{
"status": "affected",
"version": "20.6.5.1"
},
{
"status": "affected",
"version": "20.11.1"
},
{
"status": "affected",
"version": "20.11.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.3_LI_ Images"
},
{
"status": "affected",
"version": "20.6.3.1.1"
},
{
"status": "affected",
"version": "20.9.3.0.2"
},
{
"status": "affected",
"version": "20.6.5.1.2"
},
{
"status": "affected",
"version": "20.9.3.0.3"
},
{
"status": "affected",
"version": "20.4.2.3"
},
{
"status": "affected",
"version": "20.6.3.2"
},
{
"status": "affected",
"version": "20.6.4.1"
},
{
"status": "affected",
"version": "20.6.3.0.38"
},
{
"status": "affected",
"version": "20.6.3.0.39"
},
{
"status": "affected",
"version": "20.3.5.1"
},
{
"status": "affected",
"version": "20.3.4.3"
},
{
"status": "affected",
"version": "20.9.3.1"
},
{
"status": "affected",
"version": "20.3.3.2"
},
{
"status": "affected",
"version": "20.6.5.2"
},
{
"status": "affected",
"version": "20.3.7.1"
},
{
"status": "affected",
"version": "20.10.1.1"
},
{
"status": "affected",
"version": "20.6.5.2.1"
},
{
"status": "affected",
"version": "20.3.4.0.25"
},
{
"status": "affected",
"version": "20.6.2.2.4"
},
{
"status": "affected",
"version": "20.6.1.2"
},
{
"status": "affected",
"version": "20.11.1.1"
},
{
"status": "affected",
"version": "20.9.3.0.5"
},
{
"status": "affected",
"version": "20.3.4.0.26"
},
{
"status": "affected",
"version": "20.6.5.1.3"
},
{
"status": "affected",
"version": "20.6.3.0.40"
},
{
"status": "affected",
"version": "20.1.3.1"
},
{
"status": "affected",
"version": "20.9.2.2"
},
{
"status": "affected",
"version": "20.6.5.2.3"
},
{
"status": "affected",
"version": "20.6.5.1.4"
},
{
"status": "affected",
"version": "20.6.5.3"
},
{
"status": "affected",
"version": "20.6.3.0.41"
},
{
"status": "affected",
"version": "20.9.3.0.7"
},
{
"status": "affected",
"version": "20.6.5.1.5"
},
{
"status": "affected",
"version": "20.9.3.0.4"
},
{
"status": "affected",
"version": "20.6.4.0.19"
},
{
"status": "affected",
"version": "20.6.5.1.6"
},
{
"status": "affected",
"version": "20.9.3.0.8"
},
{
"status": "affected",
"version": "20.6.3.3"
},
{
"status": "affected",
"version": "20.3.7.2"
},
{
"status": "affected",
"version": "20.6.5.4"
},
{
"status": "affected",
"version": "20.6.5.1.7"
},
{
"status": "affected",
"version": "20.9.3.0.12"
},
{
"status": "affected",
"version": "20.6.4.2"
},
{
"status": "affected",
"version": "20.6.5.5"
},
{
"status": "affected",
"version": "20.9.3.2"
},
{
"status": "affected",
"version": "20.11.1.2"
},
{
"status": "affected",
"version": "20.6.3.4"
},
{
"status": "affected",
"version": "20.10.1.2"
},
{
"status": "affected",
"version": "20.6.5.1.9"
},
{
"status": "affected",
"version": "20.9.3.0.16"
},
{
"status": "affected",
"version": "20.6.3.0.45"
},
{
"status": "affected",
"version": "20.6.5.1.10"
},
{
"status": "affected",
"version": "20.9.3.0.17"
},
{
"status": "affected",
"version": "20.6.5.2.4"
},
{
"status": "affected",
"version": "20.6.4.0.21"
},
{
"status": "affected",
"version": "20.9.3.0.18"
},
{
"status": "affected",
"version": "20.6.3.0.46"
},
{
"status": "affected",
"version": "20.6.3.0.47"
},
{
"status": "affected",
"version": "20.9.2.3"
},
{
"status": "affected",
"version": "20.9.3.2_LI_Images"
},
{
"status": "affected",
"version": "20.9.3.0.21"
},
{
"status": "affected",
"version": "20.9.3.0.20"
},
{
"status": "affected",
"version": "20.9.4_LI_Images"
},
{
"status": "affected",
"version": "20.9.4"
},
{
"status": "affected",
"version": "20.6.5.1.11"
},
{
"status": "affected",
"version": "20.12.1"
},
{
"status": "affected",
"version": "20.12.1_LI_Images"
},
{
"status": "affected",
"version": "20.6.5.1.13"
},
{
"status": "affected",
"version": "20.9.3.0.23"
},
{
"status": "affected",
"version": "20.6.5.2.8"
},
{
"status": "affected",
"version": "20.9.4.1"
},
{
"status": "affected",
"version": "20.9.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.3.0.25"
},
{
"status": "affected",
"version": "20.9.3.0.24"
},
{
"status": "affected",
"version": "20.6.5.1.14"
},
{
"status": "affected",
"version": "20.3.8"
},
{
"status": "affected",
"version": "20.6.6"
},
{
"status": "affected",
"version": "20.9.3.0.26"
},
{
"status": "affected",
"version": "20.6.3.0.51"
},
{
"status": "affected",
"version": "20.9.3.0.29"
},
{
"status": "affected",
"version": "20.12.2"
},
{
"status": "affected",
"version": "20.12.2_LI_Images"
},
{
"status": "affected",
"version": "20.6.6.0.1"
},
{
"status": "affected",
"version": "20.13.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.4.0.4"
},
{
"status": "affected",
"version": "20.13.1"
},
{
"status": "affected",
"version": "20.9.4.1.1"
},
{
"status": "affected",
"version": "20.9.5"
},
{
"status": "affected",
"version": "20.9.5_LI_Images"
},
{
"status": "affected",
"version": "20.12.3_LI_Images"
},
{
"status": "affected",
"version": "20.12.3"
},
{
"status": "affected",
"version": "20.9.4.1.3"
},
{
"status": "affected",
"version": "20.6.7"
},
{
"status": "affected",
"version": "20.9.5.1"
},
{
"status": "affected",
"version": "20.9.5.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.4.1.6"
},
{
"status": "affected",
"version": "20.14.1"
},
{
"status": "affected",
"version": "20.14.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2"
},
{
"status": "affected",
"version": "20.9.5.2.1"
},
{
"status": "affected",
"version": "20.9.5.2_LI_Images"
},
{
"status": "affected",
"version": "20.12.3.1"
},
{
"status": "affected",
"version": "20.12.4"
},
{
"status": "affected",
"version": "20.15.1_LI_Images"
},
{
"status": "affected",
"version": "20.15.1"
},
{
"status": "affected",
"version": "20.9.5.1.4"
},
{
"status": "affected",
"version": "20.9.5.2.7"
},
{
"status": "affected",
"version": "20.9.5.2.13"
},
{
"status": "affected",
"version": "20.9.6"
},
{
"status": "affected",
"version": "20.9.6_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2.14"
},
{
"status": "affected",
"version": "20.6.8"
},
{
"status": "affected",
"version": "20.12.4.0.03"
},
{
"status": "affected",
"version": "20.16.1"
},
{
"status": "affected",
"version": "20.16.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.4_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2.16"
},
{
"status": "affected",
"version": "20.12.4.0.4"
},
{
"status": "affected",
"version": "20.12.401"
},
{
"status": "affected",
"version": "20.9.5.3"
},
{
"status": "affected",
"version": "20.9.5.3_LI_Images"
},
{
"status": "affected",
"version": "20.12.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.4.1"
},
{
"status": "affected",
"version": "20.9.5.2.21"
},
{
"status": "affected",
"version": "20.9.6.0.3"
},
{
"status": "affected",
"version": "20.12.4.0.6"
},
{
"status": "affected",
"version": "20.15.2_LI_Images"
},
{
"status": "affected",
"version": "20.15.2"
},
{
"status": "affected",
"version": "20.12.4_Monthly_ES5"
},
{
"status": "affected",
"version": "20.12.5"
},
{
"status": "affected",
"version": "20.12.5_LI_Images"
},
{
"status": "affected",
"version": "20.9.7_LI _Images"
},
{
"status": "affected",
"version": "20.9.7"
},
{
"status": "affected",
"version": "20.15.3"
},
{
"status": "affected",
"version": "20.15.3_ LI _Images"
},
{
"status": "affected",
"version": "20.12.501"
},
{
"status": "affected",
"version": "20.12.5.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.5.1"
},
{
"status": "affected",
"version": "20.12.5.2_LI_Images"
},
{
"status": "affected",
"version": "20.12.5.2"
},
{
"status": "affected",
"version": "20.15.3.1"
},
{
"status": "affected",
"version": "20.15.4_LI_Images"
},
{
"status": "affected",
"version": "20.15.4"
},
{
"status": "affected",
"version": "20.9.7.1_LI _Images"
},
{
"status": "affected",
"version": "20.9.7.1"
},
{
"status": "affected",
"version": "20.18.1"
},
{
"status": "affected",
"version": "20.18.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.6_LI_Images"
},
{
"status": "affected",
"version": "20.12.6"
},
{
"status": "affected",
"version": "20.12.5.1.01"
},
{
"status": "affected",
"version": "26.0.1"
},
{
"status": "affected",
"version": "20.9.8"
},
{
"status": "affected",
"version": "20.9.8_LI_Images"
},
{
"status": "affected",
"version": "20.18.2"
},
{
"status": "affected",
"version": "20.15.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.15.4.1"
},
{
"status": "affected",
"version": "20.18.2_LI_Images"
},
{
"status": "affected",
"version": "20.18.2.1_LI_Images"
},
{
"status": "affected",
"version": "20.18.2.1"
},
{
"status": "affected",
"version": "20.15.4.2_LI_Images"
},
{
"status": "affected",
"version": "20.15.4.2"
},
{
"status": "affected",
"version": "20.12.6.1"
},
{
"status": "affected",
"version": "20.12.6.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.5.3"
},
{
"status": "affected",
"version": "20.12.5.3_LI_Images"
},
{
"status": "affected",
"version": "20.9.8.2_LI_Images"
},
{
"status": "affected",
"version": "20.9.8.2"
},
{
"status": "affected",
"version": "20.18.3"
},
{
"status": "affected",
"version": "20.18.3_LI_Images"
},
{
"status": "affected",
"version": "20.15.5"
},
{
"status": "affected",
"version": "20.15.5_LI_Images"
},
{
"status": "affected",
"version": "20.12.7"
},
{
"status": "affected",
"version": "20.12.7_LI_Images"
},
{
"status": "affected",
"version": "20.9.9"
},
{
"status": "affected",
"version": "20.9.9_LI_Images"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to elevate their privileges from low to high and perform actions as a high-privileged user.\r\n\r\nThis vulnerability exists because sensitive session information is recorded in audit logs. An attacker could exploit this vulnerability by elevating their read-only permissions in Cisco Catalyst SD-WAN Manager to those of a high-privileged user. A successful exploit could allow the attacker to perform actions as a high-privileged user."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-779",
"description": "Logging of Excessive Data",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T16:08:26.999Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sdwan-mltvnps2-JxpWm7R",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-mltvnps2-JxpWm7R"
},
{
"name": "Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability\u003c/a\u003e was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The \u003ca href=\"#IOC\"\u003eIndicators of Compromise",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk"
}
],
"source": {
"advisory": "cisco-sa-sdwan-mltvnps2-JxpWm7R",
"defects": [
"CSCwt38739"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20209",
"datePublished": "2026-05-14T16:08:26.999Z",
"dateReserved": "2025-10-08T11:59:15.398Z",
"dateUpdated": "2026-05-15T03:56:13.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20182 (GCVE-0-2026-20182)
Vulnerability from cvelistv5 – Published: 2026-05-14 16:08 – Updated: 2026-05-15 03:56
VLAI
CISA KEV
Title
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
Summary
May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show Control Connections guidance to help with system checks.
A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.
This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to the affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.
Severity
10 (Critical)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Catalyst SD-WAN Manager |
Affected:
20.1.12
Affected: 19.2.1 Affected: 18.4.4 Affected: 18.4.5 Affected: 20.1.1.1 Affected: 20.1.1 Affected: 19.2.099 Affected: 18.3.6 Affected: 18.3.7 Affected: 19.2.0 Affected: 19.1.0 Affected: 18.4.303 Affected: 19.2.098 Affected: 18.3.6.1 Affected: 18.2.0 Affected: 17.2.8 Affected: 18.3.3.1 Affected: 18.4.0 Affected: 18.3.1 Affected: 17.2.6 Affected: 17.2.9 Affected: 17.2.5 Affected: 18.4.0.1 Affected: 18.3.3 Affected: 18.3.0 Affected: 19.2.3 Affected: 18.4.501_ES Affected: 20.1.2 Affected: 19.2.929 Affected: 19.2.31 Affected: 20.3.2 Affected: 19.2.4 Affected: 19.2.4.0.9 Affected: 20.1.3.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20182",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-05-14",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20182"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:56:08.320Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20182"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-14T00:00:00.000Z",
"value": "CVE-2026-20182 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Catalyst SD-WAN Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "20.1.12"
},
{
"status": "affected",
"version": "19.2.1"
},
{
"status": "affected",
"version": "18.4.4"
},
{
"status": "affected",
"version": "18.4.5"
},
{
"status": "affected",
"version": "20.1.1.1"
},
{
"status": "affected",
"version": "20.1.1"
},
{
"status": "affected",
"version": "19.2.099"
},
{
"status": "affected",
"version": "18.3.6"
},
{
"status": "affected",
"version": "18.3.7"
},
{
"status": "affected",
"version": "19.2.0"
},
{
"status": "affected",
"version": "19.1.0"
},
{
"status": "affected",
"version": "18.4.303"
},
{
"status": "affected",
"version": "19.2.098"
},
{
"status": "affected",
"version": "18.3.6.1"
},
{
"status": "affected",
"version": "18.2.0"
},
{
"status": "affected",
"version": "17.2.8"
},
{
"status": "affected",
"version": "18.3.3.1"
},
{
"status": "affected",
"version": "18.4.0"
},
{
"status": "affected",
"version": "18.3.1"
},
{
"status": "affected",
"version": "17.2.6"
},
{
"status": "affected",
"version": "17.2.9"
},
{
"status": "affected",
"version": "17.2.5"
},
{
"status": "affected",
"version": "18.4.0.1"
},
{
"status": "affected",
"version": "18.3.3"
},
{
"status": "affected",
"version": "18.3.0"
},
{
"status": "affected",
"version": "19.2.3"
},
{
"status": "affected",
"version": "18.4.501_ES"
},
{
"status": "affected",
"version": "20.1.2"
},
{
"status": "affected",
"version": "19.2.929"
},
{
"status": "affected",
"version": "19.2.31"
},
{
"status": "affected",
"version": "20.3.2"
},
{
"status": "affected",
"version": "19.2.4"
},
{
"status": "affected",
"version": "19.2.4.0.9"
},
{
"status": "affected",
"version": "20.1.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show Control Connections guidance to help with system checks.\u0026nbsp;\r\n\r\nA vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.\r\nThis vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to the affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric."
}
],
"exploits": [
{
"lang": "en",
"value": "In May 2026, the Cisco Product Security Incident Response Team (PSIRT) became aware of limited exploitation of this vulnerability. Cisco strongly recommends that customers upgrade to a fixed software release to remediate this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T16:08:25.566Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sdwan-rpa2-v69WY2SW",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa2-v69WY2SW"
},
{
"name": "Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability\u003c/a\u003e was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The \u003ca href=\"#IOC\"\u003eIndicators of Compromise",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk"
}
],
"source": {
"advisory": "cisco-sa-sdwan-rpa2-v69WY2SW",
"defects": [
"CSCwt50498"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20182",
"datePublished": "2026-05-14T16:08:25.566Z",
"dateReserved": "2025-10-08T11:59:15.393Z",
"dateUpdated": "2026-05-15T03:56:08.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20219 (GCVE-0-2026-20219)
Vulnerability from cvelistv5 – Published: 2026-05-06 17:10 – Updated: 2026-05-06 19:09
VLAI
Summary
A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and no customer action is needed.
This vulnerability existed because of the presence of an insecure direct object reference. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by sending a crafted request to the vulnerable API endpoint. A successful exploit could have allowed the attacker to view the social profiles of other users or affect quiz and poll results.
Severity
5.4 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Webex Meetings |
Affected:
39.10
Affected: 39.11 Affected: 39.6 Affected: 39.7 Affected: 39.7.4 Affected: 39.7.7 Affected: 39.8 Affected: 39.8.2 Affected: 39.8.3 Affected: 39.8.4 Affected: 39.9 Affected: 39.9.1 Affected: 40.1 Affected: 40.2 Affected: 40.4 Affected: 40.4.10 Affected: 40.6 Affected: 40.6.2 Affected: 42.10 Affected: 42.11 Affected: 42.6 Affected: 42.9 Affected: 42.12 Affected: 42.7 Affected: 43.1 Affected: 43.4 Affected: 43.4.2 Affected: 43.5.0 Affected: 43.4.1 |
|
| Cisco | Cisco Slido |
Affected:
N/A
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20219",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-06T19:08:45.650631Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T19:09:39.992Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Webex Meetings",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "39.10"
},
{
"status": "affected",
"version": "39.11"
},
{
"status": "affected",
"version": "39.6"
},
{
"status": "affected",
"version": "39.7"
},
{
"status": "affected",
"version": "39.7.4"
},
{
"status": "affected",
"version": "39.7.7"
},
{
"status": "affected",
"version": "39.8"
},
{
"status": "affected",
"version": "39.8.2"
},
{
"status": "affected",
"version": "39.8.3"
},
{
"status": "affected",
"version": "39.8.4"
},
{
"status": "affected",
"version": "39.9"
},
{
"status": "affected",
"version": "39.9.1"
},
{
"status": "affected",
"version": "40.1"
},
{
"status": "affected",
"version": "40.2"
},
{
"status": "affected",
"version": "40.4"
},
{
"status": "affected",
"version": "40.4.10"
},
{
"status": "affected",
"version": "40.6"
},
{
"status": "affected",
"version": "40.6.2"
},
{
"status": "affected",
"version": "42.10"
},
{
"status": "affected",
"version": "42.11"
},
{
"status": "affected",
"version": "42.6"
},
{
"status": "affected",
"version": "42.9"
},
{
"status": "affected",
"version": "42.12"
},
{
"status": "affected",
"version": "42.7"
},
{
"status": "affected",
"version": "43.1"
},
{
"status": "affected",
"version": "43.4"
},
{
"status": "affected",
"version": "43.4.2"
},
{
"status": "affected",
"version": "43.5.0"
},
{
"status": "affected",
"version": "43.4.1"
}
]
},
{
"product": "Cisco Slido",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and no customer action is needed.\r\n\r This vulnerability existed because of the presence of an insecure direct object reference. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by sending a crafted request to the vulnerable API endpoint. A successful exploit could have allowed the attacker to view the social profiles of other users or affect quiz and poll results."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T17:10:46.343Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-slido-idor-CpsFmKxN",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-slido-idor-CpsFmKxN"
}
],
"source": {
"advisory": "cisco-sa-slido-idor-CpsFmKxN",
"defects": [
"CSCwt90572"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20219",
"datePublished": "2026-05-06T17:10:46.343Z",
"dateReserved": "2025-10-08T11:59:15.398Z",
"dateUpdated": "2026-05-06T19:09:39.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20034 (GCVE-0-2026-20034)
Vulnerability from cvelistv5 – Published: 2026-05-06 16:16 – Updated: 2026-05-07 03:55
VLAI
Title
Cisco Unity Connection Remote Code Execution Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of a targeted device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device.
Severity
8.8 (High)
CWE
- CWE-35 - Path Traversal: '.../...//'
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Unity Connection |
Affected:
12.5(1)
Affected: 12.5(1)SU1 Affected: 12.5(1)SU2 Affected: 12.5(1)SU3 Affected: 12.5(1)SU4 Affected: 14 Affected: 12.5(1)SU5 Affected: 14SU1 Affected: 12.5(1)SU6 Affected: 14SU2 Affected: 12.5(1)SU7 Affected: 14SU3 Affected: 12.5(1)SU8 Affected: 14SU3a Affected: 12.5(1)SU8a Affected: 15 Affected: 15SU1 Affected: 14SU4 Affected: 12.5(1)SU9 Affected: 15SU2 Affected: 15SU3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20034",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T03:55:48.652Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unity Connection",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "14SU3"
},
{
"status": "affected",
"version": "12.5(1)SU8"
},
{
"status": "affected",
"version": "14SU3a"
},
{
"status": "affected",
"version": "12.5(1)SU8a"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "15SU1"
},
{
"status": "affected",
"version": "14SU4"
},
{
"status": "affected",
"version": "12.5(1)SU9"
},
{
"status": "affected",
"version": "15SU2"
},
{
"status": "affected",
"version": "15SU3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of a targeted device.\u0026nbsp;To exploit this vulnerability, the attacker must have valid user credentials on the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "Path Traversal: \u0027.../...//\u0027",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T16:16:05.322Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-unity-rce-ssrf-hENhuASy",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-rce-ssrf-hENhuASy"
}
],
"source": {
"advisory": "cisco-sa-unity-rce-ssrf-hENhuASy",
"defects": [
"CSCwq36774"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Unity Connection Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20034",
"datePublished": "2026-05-06T16:16:05.322Z",
"dateReserved": "2025-10-08T11:59:15.353Z",
"dateUpdated": "2026-05-07T03:55:48.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20035 (GCVE-0-2026-20035)
Vulnerability from cvelistv5 – Published: 2026-05-06 16:15 – Updated: 2026-05-06 17:27
VLAI
Title
Cisco Unity Connection Server-Side Request Forgery Vulnerability
Summary
A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device.
This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device.
Severity
7.2 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Unity Connection |
Affected:
12.5(1)
Affected: 12.5(1)SU1 Affected: 12.5(1)SU2 Affected: 12.5(1)SU3 Affected: 12.5(1)SU4 Affected: 14 Affected: 12.5(1)SU5 Affected: 14SU1 Affected: 12.5(1)SU6 Affected: 14SU2 Affected: 12.5(1)SU7 Affected: 14SU3 Affected: 12.5(1)SU8 Affected: 14SU3a Affected: 12.5(1)SU8a Affected: 15 Affected: 15SU1 Affected: 14SU4 Affected: 12.5(1)SU9 Affected: 15SU2 Affected: 15SU3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20035",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-06T17:27:15.669186Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T17:27:23.655Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unity Connection",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "14SU3"
},
{
"status": "affected",
"version": "12.5(1)SU8"
},
{
"status": "affected",
"version": "14SU3a"
},
{
"status": "affected",
"version": "12.5(1)SU8a"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "15SU1"
},
{
"status": "affected",
"version": "14SU4"
},
{
"status": "affected",
"version": "12.5(1)SU9"
},
{
"status": "affected",
"version": "15SU2"
},
{
"status": "affected",
"version": "15SU3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device.\r\n\r\nThis vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T16:15:57.142Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-unity-rce-ssrf-hENhuASy",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-rce-ssrf-hENhuASy"
}
],
"source": {
"advisory": "cisco-sa-unity-rce-ssrf-hENhuASy",
"defects": [
"CSCwq36834"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Unity Connection Server-Side Request Forgery Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20035",
"datePublished": "2026-05-06T16:15:57.142Z",
"dateReserved": "2025-10-08T11:59:15.353Z",
"dateUpdated": "2026-05-06T17:27:23.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20167 (GCVE-0-2026-20167)
Vulnerability from cvelistv5 – Published: 2026-05-06 16:15 – Updated: 2026-05-06 17:26
VLAI
Title
Cisco IoT Field Network Director Remote Device Denial of Service Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to cause a DoS condition on a remotely managed router.
This vulnerability is due to improper error handling. An attacker could exploit this vulnerability by submitting crafted input to the web-based management interface. A successful exploit could allow the attacker to request unauthorized files from a remote router, causing the router to reload and resulting in a DoS condition.
Severity
7.7 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco IoT Field Network Director (IoT-FND) |
Affected:
4.5.1
Affected: 4.4.3 Affected: 4.1.0 Affected: 4.1.3 Affected: 4.6.1 Affected: 4.1.1 Affected: 4.4.0 Affected: 4.2.0 Affected: 4.4.2 Affected: 4.3.0 Affected: 4.6.0 Affected: 4.4.4 Affected: 4.3.2 Affected: 4.1.2 Affected: 4.4.1 Affected: 4.5.0 Affected: 4.3.1 Affected: 4.7.0 Affected: 4.6.2 Affected: 4.7.1 Affected: 4.7.2 Affected: 4.8.0 Affected: 4.8.1 Affected: 4.9.0 Affected: 4.9.1 Affected: 4.10.0 Affected: 4.9.2 Affected: 4.11.0 Affected: 4.12.0 Affected: 4.12.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20167",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-06T17:25:48.384518Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T17:26:01.173Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco IoT Field Network Director (IoT-FND)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.5.1"
},
{
"status": "affected",
"version": "4.4.3"
},
{
"status": "affected",
"version": "4.1.0"
},
{
"status": "affected",
"version": "4.1.3"
},
{
"status": "affected",
"version": "4.6.1"
},
{
"status": "affected",
"version": "4.1.1"
},
{
"status": "affected",
"version": "4.4.0"
},
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.3.0"
},
{
"status": "affected",
"version": "4.6.0"
},
{
"status": "affected",
"version": "4.4.4"
},
{
"status": "affected",
"version": "4.3.2"
},
{
"status": "affected",
"version": "4.1.2"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "4.5.0"
},
{
"status": "affected",
"version": "4.3.1"
},
{
"status": "affected",
"version": "4.7.0"
},
{
"status": "affected",
"version": "4.6.2"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "4.7.2"
},
{
"status": "affected",
"version": "4.8.0"
},
{
"status": "affected",
"version": "4.8.1"
},
{
"status": "affected",
"version": "4.9.0"
},
{
"status": "affected",
"version": "4.9.1"
},
{
"status": "affected",
"version": "4.10.0"
},
{
"status": "affected",
"version": "4.9.2"
},
{
"status": "affected",
"version": "4.11.0"
},
{
"status": "affected",
"version": "4.12.0"
},
{
"status": "affected",
"version": "4.12.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to cause a DoS condition on a remotely managed router.\r\n\r\nThis vulnerability is due to improper error handling. An attacker could exploit this vulnerability by submitting crafted input to the web-based management interface. A successful exploit could allow the attacker to request unauthorized files from a remote router, causing the router to reload and resulting in a DoS condition."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Control",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T16:15:57.113Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-iot-fnd-dos-n8N26Q4u",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-fnd-dos-n8N26Q4u"
}
],
"source": {
"advisory": "cisco-sa-iot-fnd-dos-n8N26Q4u",
"defects": [
"CSCwm81015"
],
"discovery": "EXTERNAL"
},
"title": "Cisco IoT Field Network Director Remote Device Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20167",
"datePublished": "2026-05-06T16:15:57.113Z",
"dateReserved": "2025-10-08T11:59:15.390Z",
"dateUpdated": "2026-05-06T17:26:01.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20169 (GCVE-0-2026-20169)
Vulnerability from cvelistv5 – Published: 2026-05-06 16:15 – Updated: 2026-05-06 17:26
VLAI
Title
Cisco IoT Field Network Director Command Injection Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to access files and execute commands on a remote router.
This vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by submitting crafted input in the web-based management interface. A successful exploit could allow the attacker to create, read, or delete files and execute limited commands in user EXEC mode on a remote router.
Severity
6.4 (Medium)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco IoT Field Network Director (IoT-FND) |
Affected:
4.5.1
Affected: 4.4.3 Affected: 4.1.0 Affected: 4.1.3 Affected: 4.6.1 Affected: 4.1.1 Affected: 4.4.0 Affected: 4.2.0 Affected: 4.4.2 Affected: 4.3.0 Affected: 4.6.0 Affected: 4.4.4 Affected: 4.3.2 Affected: 4.1.2 Affected: 4.4.1 Affected: 4.5.0 Affected: 4.3.1 Affected: 4.7.0 Affected: 4.6.2 Affected: 4.7.1 Affected: 4.7.2 Affected: 4.8.0 Affected: 4.8.1 Affected: 4.9.0 Affected: 4.9.1 Affected: 4.10.0 Affected: 4.9.2 Affected: 4.11.0 Affected: 4.12.0 Affected: 4.12.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20169",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-06T17:26:38.558371Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T17:26:55.572Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco IoT Field Network Director (IoT-FND)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.5.1"
},
{
"status": "affected",
"version": "4.4.3"
},
{
"status": "affected",
"version": "4.1.0"
},
{
"status": "affected",
"version": "4.1.3"
},
{
"status": "affected",
"version": "4.6.1"
},
{
"status": "affected",
"version": "4.1.1"
},
{
"status": "affected",
"version": "4.4.0"
},
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.3.0"
},
{
"status": "affected",
"version": "4.6.0"
},
{
"status": "affected",
"version": "4.4.4"
},
{
"status": "affected",
"version": "4.3.2"
},
{
"status": "affected",
"version": "4.1.2"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "4.5.0"
},
{
"status": "affected",
"version": "4.3.1"
},
{
"status": "affected",
"version": "4.7.0"
},
{
"status": "affected",
"version": "4.6.2"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "4.7.2"
},
{
"status": "affected",
"version": "4.8.0"
},
{
"status": "affected",
"version": "4.8.1"
},
{
"status": "affected",
"version": "4.9.0"
},
{
"status": "affected",
"version": "4.9.1"
},
{
"status": "affected",
"version": "4.10.0"
},
{
"status": "affected",
"version": "4.9.2"
},
{
"status": "affected",
"version": "4.11.0"
},
{
"status": "affected",
"version": "4.12.0"
},
{
"status": "affected",
"version": "4.12.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to access files and execute commands on a remote router.\r\n\r\nThis vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by submitting crafted input in the web-based management interface. A successful exploit could allow the attacker to create, read, or delete files and execute limited commands in\u0026nbsp;user EXEC mode on a remote router."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T16:15:48.405Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-iot-fnd-dos-n8N26Q4u",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-fnd-dos-n8N26Q4u"
}
],
"source": {
"advisory": "cisco-sa-iot-fnd-dos-n8N26Q4u",
"defects": [
"CSCwm80968"
],
"discovery": "EXTERNAL"
},
"title": "Cisco IoT Field Network Director Command Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20169",
"datePublished": "2026-05-06T16:15:48.405Z",
"dateReserved": "2025-10-08T11:59:15.391Z",
"dateUpdated": "2026-05-06T17:26:55.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20168 (GCVE-0-2026-20168)
Vulnerability from cvelistv5 – Published: 2026-05-06 16:15 – Updated: 2026-05-06 17:59
VLAI
Title
Cisco IoT Field Network Director Path Traversal Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to retrieve files that they do not have permission to access.
This vulnerability is due to insufficient file access checks. An attacker could exploit this vulnerability by submitting crafted input in the web-based management interface. A successful exploit could allow the attacker to read files that they are not authorized to access.
Severity
6.5 (Medium)
CWE
- CWE-388 - Error Handling
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco IoT Field Network Director (IoT-FND) |
Affected:
4.5.1
Affected: 4.4.3 Affected: 4.1.0 Affected: 4.1.3 Affected: 4.6.1 Affected: 4.1.1 Affected: 4.4.0 Affected: 4.2.0 Affected: 4.4.2 Affected: 4.3.0 Affected: 4.6.0 Affected: 4.4.4 Affected: 4.3.2 Affected: 4.1.2 Affected: 4.4.1 Affected: 4.5.0 Affected: 4.3.1 Affected: 4.7.0 Affected: 4.6.2 Affected: 4.7.1 Affected: 4.7.2 Affected: 4.8.0 Affected: 4.8.1 Affected: 4.9.0 Affected: 4.9.1 Affected: 4.10.0 Affected: 4.9.2 Affected: 4.11.0 Affected: 4.12.0 Affected: 4.12.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20168",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-06T17:59:03.972223Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T17:59:11.531Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco IoT Field Network Director (IoT-FND)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.5.1"
},
{
"status": "affected",
"version": "4.4.3"
},
{
"status": "affected",
"version": "4.1.0"
},
{
"status": "affected",
"version": "4.1.3"
},
{
"status": "affected",
"version": "4.6.1"
},
{
"status": "affected",
"version": "4.1.1"
},
{
"status": "affected",
"version": "4.4.0"
},
{
"status": "affected",
"version": "4.2.0"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.3.0"
},
{
"status": "affected",
"version": "4.6.0"
},
{
"status": "affected",
"version": "4.4.4"
},
{
"status": "affected",
"version": "4.3.2"
},
{
"status": "affected",
"version": "4.1.2"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "4.5.0"
},
{
"status": "affected",
"version": "4.3.1"
},
{
"status": "affected",
"version": "4.7.0"
},
{
"status": "affected",
"version": "4.6.2"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "4.7.2"
},
{
"status": "affected",
"version": "4.8.0"
},
{
"status": "affected",
"version": "4.8.1"
},
{
"status": "affected",
"version": "4.9.0"
},
{
"status": "affected",
"version": "4.9.1"
},
{
"status": "affected",
"version": "4.10.0"
},
{
"status": "affected",
"version": "4.9.2"
},
{
"status": "affected",
"version": "4.11.0"
},
{
"status": "affected",
"version": "4.12.0"
},
{
"status": "affected",
"version": "4.12.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to retrieve files that they do not have permission to access.\r\n\r\nThis vulnerability is due to insufficient file access checks. An attacker could exploit this vulnerability by submitting crafted input in the web-based management interface. A successful exploit could allow the attacker to read files that they are not authorized to access."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-388",
"description": "Error Handling",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T16:15:48.379Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-iot-fnd-dos-n8N26Q4u",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-fnd-dos-n8N26Q4u"
}
],
"source": {
"advisory": "cisco-sa-iot-fnd-dos-n8N26Q4u",
"defects": [
"CSCwm81008"
],
"discovery": "EXTERNAL"
},
"title": "Cisco IoT Field Network Director Path Traversal Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20168",
"datePublished": "2026-05-06T16:15:48.379Z",
"dateReserved": "2025-10-08T11:59:15.391Z",
"dateUpdated": "2026-05-06T17:59:11.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20172 (GCVE-0-2026-20172)
Vulnerability from cvelistv5 – Published: 2026-05-06 16:15 – Updated: 2026-05-06 17:46
VLAI
Title
Cisco Enterprise Chat and Email Lite Agent File Upload Vulnerability
Summary
A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct browser-based attacks. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Agent.
This vulnerability is due to inadequate validation of file contents during file upload operations. An attacker could exploit this vulnerability by uploading a file that contains malicious scripts or HTML code, which the application could make available to other users to access. A successful exploit could allow the attacker to execute the contents of that file in the browser of a user and conduct browser-based attacks.
Severity
4.3 (Medium)
CWE
- CWE-646 - Reliance on File Name or Extension of Externally-Supplied File
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Enterprise Chat and Email |
Affected:
11.6(1)_ES3
Affected: 11.6(1)_ES4 Affected: 12.0(1)_ES6 Affected: 11.6(1)_ES8 Affected: 12.0(1)_ES5a Affected: 11.6(1)_ES9 Affected: 12.0(1)_ES6_ET1 Affected: 11.6(1)_ES6 Affected: 11.6(1)_ES5 Affected: 12.5(1)_ET1 Affected: 12.5(1) Affected: 12.5(1)_ES3_ET1 Affected: 12.0(1)_ES3 Affected: 11.6(1)_ES11 Affected: 12.0(1)_ES4 Affected: 12.0(1)_ES5 Affected: 11.6(1)_ES2 Affected: 11.6(1)_ES9a Affected: 11.6(1)_ES10 Affected: 12.0(1)_ES1 Affected: 12.0(1) Affected: 12.5(1)_ES3 Affected: 12.6(1) Affected: 11.5(1) Affected: 12.0(1)_ES2 Affected: 11.6(1)_ES7 Affected: 12.5(1)_ES2 Affected: 12.6(1)_ET1 Affected: 11.6(1) Affected: 12.5(1)_ES1 Affected: 12.6(1)_ET2 Affected: 12.5(1)_ES3_ET2 Affected: 12.0(1)_ES6_ET2 Affected: 12.6(1)_ES1 Affected: 12.5(1)_ES4 Affected: 11.6(1)_ES12 Affected: 12.6(1)_ET3 Affected: 12.5(1)_ES4_ET1 Affected: 12.0(1)_ES6_ET3 Affected: 12.6(1)_ES1_ET1 Affected: 12.6(1)_ES2 Affected: 12.6_ES2_ET1 Affected: 12.5(1)_ES5 Affected: 12.6_ES2_ET2 Affected: 12.0(1)_ES7 Affected: 12.6_ES2_ET3 Affected: 12.0(1)_ES7_ET1 Affected: 12.5(1)_ES5_ET1 Affected: 12.6_ES2_ET4 Affected: 12.6(1)_ES3 Affected: 11.6(1)_ES12_ET1 Affected: 12.6_ES3_ET1 Affected: 12.5(1)_ES6 Affected: 12.6_ES3_ET2 Affected: 12.6(1)_ES4 Affected: 12.5(1)_ES7 Affected: 12.6(1)_ES4_ET1 Affected: 12.6(1)_ES5 Affected: 12.6(1)_ES5_ET1 Affected: 12.6(1)_ES5_ET2 Affected: 12.6(1)_ES6 Affected: 12.6(1)_ES6_ET1 Affected: 12.5(1)_ES8 Affected: 12.6(1)_ES6_ET2 Affected: 12.6(1)_ES7 Affected: 12.6(1)_ES8 Affected: 12.6(1)_ES4_ET2 Affected: 12.6(1)_ES3_ET3 Affected: 12.6(1)_ES2_ET5 Affected: 12.6(1)_ES1_ET2 Affected: 12.6(1)_ES8_ET1 Affected: 12.6(1)_ES7_ET1 Affected: 12.6(1)_ES6_ET3 Affected: 12.6(1)_ES5_ET3 Affected: 12.5(1)_ES8_ET1 Affected: 12.5(1)_ES3_ET3 Affected: 12.5(1)_ES5_ET2 Affected: 12.5(1)_ES6_ET1 Affected: 12.5(1)_ES4_ET2 Affected: 12.5(1)_ES7_ET1 Affected: 12.6(1)_ES8_ET2 Affected: 12.6(1)_ES9 Affected: 12.6(1)_ES9_ET1 Affected: 12.5(1)_ES9 Affected: 12.6(1)_ES9_ET2 Affected: 12.6(1)_ES9_ET3 Affected: 12.6(1)_ES10 Affected: 12.6(1)_ES10_ET1 Affected: 15.0(1) Affected: 12.6(1)_ES11 Affected: 15.0(1)_ET1 Affected: 15.0(1)ES202508 Affected: 12.6(1)_ES11_ET1 Affected: 12.6(1)_ES11_ET2 Affected: 12.6(1)_ES12 Affected: 15.0(1)ES202511 Affected: 12.6(1)_ES12_ET1 Affected: 15.0(1)ES202511_ET1 Affected: 12.5(1)_ES10 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20172",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-06T17:45:56.726902Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T17:46:04.178Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Enterprise Chat and Email",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.6(1)_ES3"
},
{
"status": "affected",
"version": "11.6(1)_ES4"
},
{
"status": "affected",
"version": "12.0(1)_ES6"
},
{
"status": "affected",
"version": "11.6(1)_ES8"
},
{
"status": "affected",
"version": "12.0(1)_ES5a"
},
{
"status": "affected",
"version": "11.6(1)_ES9"
},
{
"status": "affected",
"version": "12.0(1)_ES6_ET1"
},
{
"status": "affected",
"version": "11.6(1)_ES6"
},
{
"status": "affected",
"version": "11.6(1)_ES5"
},
{
"status": "affected",
"version": "12.5(1)_ET1"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)_ES3_ET1"
},
{
"status": "affected",
"version": "12.0(1)_ES3"
},
{
"status": "affected",
"version": "11.6(1)_ES11"
},
{
"status": "affected",
"version": "12.0(1)_ES4"
},
{
"status": "affected",
"version": "12.0(1)_ES5"
},
{
"status": "affected",
"version": "11.6(1)_ES2"
},
{
"status": "affected",
"version": "11.6(1)_ES9a"
},
{
"status": "affected",
"version": "11.6(1)_ES10"
},
{
"status": "affected",
"version": "12.0(1)_ES1"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.5(1)_ES3"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "12.0(1)_ES2"
},
{
"status": "affected",
"version": "11.6(1)_ES7"
},
{
"status": "affected",
"version": "12.5(1)_ES2"
},
{
"status": "affected",
"version": "12.6(1)_ET1"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "12.5(1)_ES1"
},
{
"status": "affected",
"version": "12.6(1)_ET2"
},
{
"status": "affected",
"version": "12.5(1)_ES3_ET2"
},
{
"status": "affected",
"version": "12.0(1)_ES6_ET2"
},
{
"status": "affected",
"version": "12.6(1)_ES1"
},
{
"status": "affected",
"version": "12.5(1)_ES4"
},
{
"status": "affected",
"version": "11.6(1)_ES12"
},
{
"status": "affected",
"version": "12.6(1)_ET3"
},
{
"status": "affected",
"version": "12.5(1)_ES4_ET1"
},
{
"status": "affected",
"version": "12.0(1)_ES6_ET3"
},
{
"status": "affected",
"version": "12.6(1)_ES1_ET1"
},
{
"status": "affected",
"version": "12.6(1)_ES2"
},
{
"status": "affected",
"version": "12.6_ES2_ET1"
},
{
"status": "affected",
"version": "12.5(1)_ES5"
},
{
"status": "affected",
"version": "12.6_ES2_ET2"
},
{
"status": "affected",
"version": "12.0(1)_ES7"
},
{
"status": "affected",
"version": "12.6_ES2_ET3"
},
{
"status": "affected",
"version": "12.0(1)_ES7_ET1"
},
{
"status": "affected",
"version": "12.5(1)_ES5_ET1"
},
{
"status": "affected",
"version": "12.6_ES2_ET4"
},
{
"status": "affected",
"version": "12.6(1)_ES3"
},
{
"status": "affected",
"version": "11.6(1)_ES12_ET1"
},
{
"status": "affected",
"version": "12.6_ES3_ET1"
},
{
"status": "affected",
"version": "12.5(1)_ES6"
},
{
"status": "affected",
"version": "12.6_ES3_ET2"
},
{
"status": "affected",
"version": "12.6(1)_ES4"
},
{
"status": "affected",
"version": "12.5(1)_ES7"
},
{
"status": "affected",
"version": "12.6(1)_ES4_ET1"
},
{
"status": "affected",
"version": "12.6(1)_ES5"
},
{
"status": "affected",
"version": "12.6(1)_ES5_ET1"
},
{
"status": "affected",
"version": "12.6(1)_ES5_ET2"
},
{
"status": "affected",
"version": "12.6(1)_ES6"
},
{
"status": "affected",
"version": "12.6(1)_ES6_ET1"
},
{
"status": "affected",
"version": "12.5(1)_ES8"
},
{
"status": "affected",
"version": "12.6(1)_ES6_ET2"
},
{
"status": "affected",
"version": "12.6(1)_ES7"
},
{
"status": "affected",
"version": "12.6(1)_ES8"
},
{
"status": "affected",
"version": "12.6(1)_ES4_ET2"
},
{
"status": "affected",
"version": "12.6(1)_ES3_ET3"
},
{
"status": "affected",
"version": "12.6(1)_ES2_ET5"
},
{
"status": "affected",
"version": "12.6(1)_ES1_ET2"
},
{
"status": "affected",
"version": "12.6(1)_ES8_ET1"
},
{
"status": "affected",
"version": "12.6(1)_ES7_ET1"
},
{
"status": "affected",
"version": "12.6(1)_ES6_ET3"
},
{
"status": "affected",
"version": "12.6(1)_ES5_ET3"
},
{
"status": "affected",
"version": "12.5(1)_ES8_ET1"
},
{
"status": "affected",
"version": "12.5(1)_ES3_ET3"
},
{
"status": "affected",
"version": "12.5(1)_ES5_ET2"
},
{
"status": "affected",
"version": "12.5(1)_ES6_ET1"
},
{
"status": "affected",
"version": "12.5(1)_ES4_ET2"
},
{
"status": "affected",
"version": "12.5(1)_ES7_ET1"
},
{
"status": "affected",
"version": "12.6(1)_ES8_ET2"
},
{
"status": "affected",
"version": "12.6(1)_ES9"
},
{
"status": "affected",
"version": "12.6(1)_ES9_ET1"
},
{
"status": "affected",
"version": "12.5(1)_ES9"
},
{
"status": "affected",
"version": "12.6(1)_ES9_ET2"
},
{
"status": "affected",
"version": "12.6(1)_ES9_ET3"
},
{
"status": "affected",
"version": "12.6(1)_ES10"
},
{
"status": "affected",
"version": "12.6(1)_ES10_ET1"
},
{
"status": "affected",
"version": "15.0(1)"
},
{
"status": "affected",
"version": "12.6(1)_ES11"
},
{
"status": "affected",
"version": "15.0(1)_ET1"
},
{
"status": "affected",
"version": "15.0(1)ES202508"
},
{
"status": "affected",
"version": "12.6(1)_ES11_ET1"
},
{
"status": "affected",
"version": "12.6(1)_ES11_ET2"
},
{
"status": "affected",
"version": "12.6(1)_ES12"
},
{
"status": "affected",
"version": "15.0(1)ES202511"
},
{
"status": "affected",
"version": "12.6(1)_ES12_ET1"
},
{
"status": "affected",
"version": "15.0(1)ES202511_ET1"
},
{
"status": "affected",
"version": "12.5(1)_ES10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct browser-based attacks. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Agent.\r\n\r\nThis vulnerability is due to inadequate validation of file contents during file upload operations. An attacker could exploit this vulnerability by uploading a file that contains malicious scripts or HTML code, which the application could make available to other users to access. A successful exploit could allow the attacker to execute the contents of that file in the browser of a user and conduct browser-based attacks.\u0026nbsp;"
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-646",
"description": "Reliance on File Name or Extension of Externally-Supplied File",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T16:15:37.789Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ece-lite-agent-BCgSN8eb",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-lite-agent-BCgSN8eb"
}
],
"source": {
"advisory": "cisco-sa-ece-lite-agent-BCgSN8eb",
"defects": [
"CSCws79262"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Enterprise Chat and Email Lite Agent File Upload Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20172",
"datePublished": "2026-05-06T16:15:37.789Z",
"dateReserved": "2025-10-08T11:59:15.391Z",
"dateUpdated": "2026-05-06T17:46:04.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20188 (GCVE-0-2026-20188)
Vulnerability from cvelistv5 – Published: 2026-05-06 16:15 – Updated: 2026-05-14 16:30
VLAI
Title
Cisco Crosswork Network Controller and Cisco Network Services Orchestrator Advisory
Summary
Following the initial publication of the Security Advisory about a denial of service (DoS) condition in Cisco Crosswork Network Controller and Cisco Network Services Orchestrator (NSO), additional information has been made available to the Cisco Product Security Incident Response Team (PSIRT).
Upon further analysis, the Cisco PSIRT has reclassified this issue as a customer-configurable, resource management issue rather than a security vulnerability.
Severity
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Crosswork Network Change Automation |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20188",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-06T17:46:35.111544Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T17:48:12.690Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cisco Crosswork Network Change Automation",
"vendor": "Cisco"
}
],
"descriptions": [
{
"lang": "en",
"value": "Following the initial publication of the Security Advisory about a denial of service (DoS) condition in Cisco Crosswork Network Controller and Cisco Network Services Orchestrator (NSO), additional information has been made available to the Cisco Product Security Incident Response Team (PSIRT).\r\n\r\nUpon further analysis, the Cisco PSIRT has reclassified this issue as a customer-configurable, resource management issue rather than a security vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements regarding the content of this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Uncontrolled Resource Consumption",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T16:30:22.826Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-nso-dos-7Egqyc",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-dos-7Egqyc"
}
],
"source": {
"advisory": "cisco-sa-nso-dos-7Egqyc",
"defects": [
"CSCwr08237"
],
"discovery": "INTERNAL"
},
"title": "Cisco Crosswork Network Controller and Cisco Network Services Orchestrator Advisory"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20188",
"datePublished": "2026-05-06T16:15:37.396Z",
"dateReserved": "2025-10-08T11:59:15.394Z",
"dateUpdated": "2026-05-14T16:30:22.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20189 (GCVE-0-2026-20189)
Vulnerability from cvelistv5 – Published: 2026-05-06 16:15 – Updated: 2026-05-06 17:48
VLAI
Title
Cisco Prime Infrastructure Information Disclosure Vulnerability
Summary
A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to download arbitrary log files from the server.
This vulnerability is due to insufficient authorization checks on the download service API. An attacker could exploit this vulnerability by submitting a crafted URL request to an affected device. A successful exploit could allow the attacker to download sensitive log files that they would otherwise not have authorization to access.
To exploit this vulnerability, the attacker must have valid credentials to access the web-based management interface of the affected device.
Severity
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Prime Infrastructure |
Affected:
3.6.0
Affected: 3.7.0 Affected: 3.4.0 Affected: 3.3.0 Affected: 3.5.0 Affected: 3.2.0-FIPS Affected: 3.8.0-FED Affected: 3.9.0 Affected: 3.8.0 Affected: 3.10.0 Affected: 3.9.1 Affected: 3.8.1 Affected: 3.7.1 Affected: 3.5.1 Affected: 3.4.2 Affected: 3.3.1 Affected: 3.2.1 Affected: 3.2.2 Affected: 3.4.1 Affected: 3.10.2 Affected: 3.10.3 Affected: 3.10 Affected: 3.10.1 Affected: 3.7.1 Update 03 Affected: 3.7.1 Update 04 Affected: 3.7.1 Update 06 Affected: 3.7.1 Update 07 Affected: 3.8.1 Update 01 Affected: 3.8.1 Update 02 Affected: 3.8.1 Update 03 Affected: 3.8.1 Update 04 Affected: 3.9.1 Update 01 Affected: 3.9.1 Update 02 Affected: 3.9.1 Update 03 Affected: 3.9.1 Update 04 Affected: 3.10 Update 01 Affected: 3.4.2 Update 01 Affected: 3.6.0 Update 04 Affected: 3.6.0 Update 02 Affected: 3.6.0 Update 03 Affected: 3.6.0 Update 01 Affected: 3.5.1 Update 03 Affected: 3.5.1 Update 01 Affected: 3.5.1 Update 02 Affected: 3.7.0 Update 03 Affected: 3.8.0 Update 01 Affected: 3.8.0 Update 02 Affected: 3.7.1 Update 01 Affected: 3.7.1 Update 02 Affected: 3.7.1 Update 05 Affected: 3.9.0 Update 01 Affected: 3.3.0 Update 01 Affected: 3.4.1 Update 02 Affected: 3.4.1 Update 01 Affected: 3.5.0 Update 03 Affected: 3.5.0 Update 01 Affected: 3.5.0 Update 02 Affected: 3.10.4 Affected: 3.10.4 Update 01 Affected: 3.10.4 Update 02 Affected: 3.10.4 Update 03 Affected: 3.10.5 Affected: 3.10.6 Affected: 3.10.6 Update 01 Affected: 3.10.6 Update 02 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20189",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-06T17:46:03.705407Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T17:48:19.143Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Prime Infrastructure",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.6.0"
},
{
"status": "affected",
"version": "3.7.0"
},
{
"status": "affected",
"version": "3.4.0"
},
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.5.0"
},
{
"status": "affected",
"version": "3.2.0-FIPS"
},
{
"status": "affected",
"version": "3.8.0-FED"
},
{
"status": "affected",
"version": "3.9.0"
},
{
"status": "affected",
"version": "3.8.0"
},
{
"status": "affected",
"version": "3.10.0"
},
{
"status": "affected",
"version": "3.9.1"
},
{
"status": "affected",
"version": "3.8.1"
},
{
"status": "affected",
"version": "3.7.1"
},
{
"status": "affected",
"version": "3.5.1"
},
{
"status": "affected",
"version": "3.4.2"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.4.1"
},
{
"status": "affected",
"version": "3.10.2"
},
{
"status": "affected",
"version": "3.10.3"
},
{
"status": "affected",
"version": "3.10"
},
{
"status": "affected",
"version": "3.10.1"
},
{
"status": "affected",
"version": "3.7.1 Update 03"
},
{
"status": "affected",
"version": "3.7.1 Update 04"
},
{
"status": "affected",
"version": "3.7.1 Update 06"
},
{
"status": "affected",
"version": "3.7.1 Update 07"
},
{
"status": "affected",
"version": "3.8.1 Update 01"
},
{
"status": "affected",
"version": "3.8.1 Update 02"
},
{
"status": "affected",
"version": "3.8.1 Update 03"
},
{
"status": "affected",
"version": "3.8.1 Update 04"
},
{
"status": "affected",
"version": "3.9.1 Update 01"
},
{
"status": "affected",
"version": "3.9.1 Update 02"
},
{
"status": "affected",
"version": "3.9.1 Update 03"
},
{
"status": "affected",
"version": "3.9.1 Update 04"
},
{
"status": "affected",
"version": "3.10 Update 01"
},
{
"status": "affected",
"version": "3.4.2 Update 01"
},
{
"status": "affected",
"version": "3.6.0 Update 04"
},
{
"status": "affected",
"version": "3.6.0 Update 02"
},
{
"status": "affected",
"version": "3.6.0 Update 03"
},
{
"status": "affected",
"version": "3.6.0 Update 01"
},
{
"status": "affected",
"version": "3.5.1 Update 03"
},
{
"status": "affected",
"version": "3.5.1 Update 01"
},
{
"status": "affected",
"version": "3.5.1 Update 02"
},
{
"status": "affected",
"version": "3.7.0 Update 03"
},
{
"status": "affected",
"version": "3.8.0 Update 01"
},
{
"status": "affected",
"version": "3.8.0 Update 02"
},
{
"status": "affected",
"version": "3.7.1 Update 01"
},
{
"status": "affected",
"version": "3.7.1 Update 02"
},
{
"status": "affected",
"version": "3.7.1 Update 05"
},
{
"status": "affected",
"version": "3.9.0 Update 01"
},
{
"status": "affected",
"version": "3.3.0 Update 01"
},
{
"status": "affected",
"version": "3.4.1 Update 02"
},
{
"status": "affected",
"version": "3.4.1 Update 01"
},
{
"status": "affected",
"version": "3.5.0 Update 03"
},
{
"status": "affected",
"version": "3.5.0 Update 01"
},
{
"status": "affected",
"version": "3.5.0 Update 02"
},
{
"status": "affected",
"version": "3.10.4"
},
{
"status": "affected",
"version": "3.10.4 Update 01"
},
{
"status": "affected",
"version": "3.10.4 Update 02"
},
{
"status": "affected",
"version": "3.10.4 Update 03"
},
{
"status": "affected",
"version": "3.10.5"
},
{
"status": "affected",
"version": "3.10.6"
},
{
"status": "affected",
"version": "3.10.6 Update 01"
},
{
"status": "affected",
"version": "3.10.6 Update 02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an\u0026nbsp;authenticated, remote attacker to download arbitrary log files from the server.\r\n\r\nThis vulnerability is due to insufficient authorization checks on the download service API. An attacker could exploit this vulnerability by submitting a crafted URL request to an affected device. A successful exploit could allow the attacker to download sensitive log files that they would otherwise not have authorization to access.\r\nTo exploit this vulnerability, the attacker must have valid credentials to access the web-based management interface of the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T16:15:24.551Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-pi-unauth-infodiscl-LFnLgmey",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-unauth-infodiscl-LFnLgmey"
}
],
"source": {
"advisory": "cisco-sa-pi-unauth-infodiscl-LFnLgmey",
"defects": [
"CSCwr43176"
],
"discovery": "INTERNAL"
},
"title": "Cisco Prime Infrastructure Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20189",
"datePublished": "2026-05-06T16:15:24.551Z",
"dateReserved": "2025-10-08T11:59:15.395Z",
"dateUpdated": "2026-05-06T17:48:19.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20185 (GCVE-0-2026-20185)
Vulnerability from cvelistv5 – Published: 2026-05-06 16:15 – Updated: 2026-05-06 17:48
VLAI
Title
Cisco SG350 and SG350X Series Managed Switches SNMP Denial of Service Vunerability
Summary
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X) firmware could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to improper error handling when parsing response data for a specific SNMP request. An attacker could exploit this vulnerability by sending a specific SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.
This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system.
Severity
7.7 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Small Business Smart and Managed Switches |
Affected:
2.5.9.54
Affected: 2.5.9.55 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20185",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-06T17:36:31.829064Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T17:48:26.175Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Small Business Smart and Managed Switches",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "2.5.9.54"
},
{
"status": "affected",
"version": "2.5.9.55"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of\u0026nbsp;Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X)\u0026nbsp;firmware could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\u0026nbsp;\r\n\r\nThis vulnerability is due to improper error handling when parsing response data for a specific SNMP request. An attacker could exploit this vulnerability by sending a specific SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.\r\nThis vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T16:15:23.838Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sg350-snmp-dos-GEFZr2Tj",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg350-snmp-dos-GEFZr2Tj"
}
],
"source": {
"advisory": "cisco-sa-sg350-snmp-dos-GEFZr2Tj",
"defects": [
"CSCwt39853"
],
"discovery": "EXTERNAL"
},
"title": "Cisco SG350 and SG350X Series Managed Switches SNMP Denial of Service Vunerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20185",
"datePublished": "2026-05-06T16:15:23.838Z",
"dateReserved": "2025-10-08T11:59:15.394Z",
"dateUpdated": "2026-05-06T17:48:26.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20193 (GCVE-0-2026-20193)
Vulnerability from cvelistv5 – Published: 2026-05-06 16:15 – Updated: 2026-05-06 17:48
VLAI
Title
Cisco Identity Services Engine Authentication Bypass Vulnerability
Summary
A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive information on an affected device.
This vulnerability is due to improper role-based access control (RBAC) permissions on the RADIUS Policy API endpoints. An attacker could exploit this vulnerability by bypassing the web-based management interface and directly calling an affected endpoint. A successful exploit could allow the attacker to gain unauthorized read access to sensitive RADIUS Policy details that are restricted for their role.
Severity
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Identity Services Engine Software |
Affected:
3.3.0
Affected: 3.3 Patch 2 Affected: 3.3 Patch 1 Affected: 3.3 Patch 3 Affected: 3.4.0 Affected: 3.3 Patch 4 Affected: 3.4 Patch 1 Affected: 3.3 Patch 5 Affected: 3.3 Patch 6 Affected: 3.4 Patch 2 Affected: 3.3 Patch 7 Affected: 3.4 Patch 3 Affected: 3.5.0 Affected: 3.4 Patch 4 Affected: 3.3 Patch 8 Affected: 3.5 Patch 1 Affected: 3.3 Patch 9 Affected: 3.4 Patch 5 Affected: 3.5 Patch 3 Affected: 3.5 Patch 2 Affected: 3.3 Patch 10 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20193",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-06T17:35:13.146938Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T17:48:32.189Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Identity Services Engine Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.3 Patch 2"
},
{
"status": "affected",
"version": "3.3 Patch 1"
},
{
"status": "affected",
"version": "3.3 Patch 3"
},
{
"status": "affected",
"version": "3.4.0"
},
{
"status": "affected",
"version": "3.3 Patch 4"
},
{
"status": "affected",
"version": "3.4 Patch 1"
},
{
"status": "affected",
"version": "3.3 Patch 5"
},
{
"status": "affected",
"version": "3.3 Patch 6"
},
{
"status": "affected",
"version": "3.4 Patch 2"
},
{
"status": "affected",
"version": "3.3 Patch 7"
},
{
"status": "affected",
"version": "3.4 Patch 3"
},
{
"status": "affected",
"version": "3.5.0"
},
{
"status": "affected",
"version": "3.4 Patch 4"
},
{
"status": "affected",
"version": "3.3 Patch 8"
},
{
"status": "affected",
"version": "3.5 Patch 1"
},
{
"status": "affected",
"version": "3.3 Patch 9"
},
{
"status": "affected",
"version": "3.4 Patch 5"
},
{
"status": "affected",
"version": "3.5 Patch 3"
},
{
"status": "affected",
"version": "3.5 Patch 2"
},
{
"status": "affected",
"version": "3.3 Patch 10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an\u0026nbsp;authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive information on an affected device.\r\n\r\nThis vulnerability is due to improper role-based access control (RBAC) permissions on the RADIUS Policy API endpoints. An attacker could exploit this vulnerability by bypassing the web-based management interface and directly calling an affected endpoint. A successful exploit could allow the attacker to gain unauthorized\u0026nbsp;read access to sensitive RADIUS Policy details that are restricted for their role."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T16:15:16.835Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ise-unauth-bypass-uxjRXGpb",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-bypass-uxjRXGpb"
}
],
"source": {
"advisory": "cisco-sa-ise-unauth-bypass-uxjRXGpb",
"defects": [
"CSCwr77441"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Identity Services Engine Authentication Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20193",
"datePublished": "2026-05-06T16:15:16.835Z",
"dateReserved": "2025-10-08T11:59:15.395Z",
"dateUpdated": "2026-05-06T17:48:32.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20195 (GCVE-0-2026-20195)
Vulnerability from cvelistv5 – Published: 2026-05-06 16:14 – Updated: 2026-05-06 17:48
VLAI
Title
Cisco Identity Services Engine Observable Response Discrepancy Vulnerability
Summary
A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device.
This vulnerability exists because error messages are observed when the affected API endpoint is called. An attacker could exploit this vulnerability by sending a series of crafted requests to the affected endpoint and analyzing the differentiated responses. A successful exploit could allow the attacker to compile a list of valid usernames on an affected system.
Severity
5.3 (Medium)
CWE
- CWE-204 - Observable Response Discrepancy
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Identity Services Engine Software |
Affected:
3.3.0
Affected: 3.3 Patch 2 Affected: 3.3 Patch 1 Affected: 3.3 Patch 3 Affected: 3.4.0 Affected: 3.3 Patch 4 Affected: 3.4 Patch 1 Affected: 3.3 Patch 5 Affected: 3.3 Patch 6 Affected: 3.4 Patch 2 Affected: 3.3 Patch 7 Affected: 3.4 Patch 3 Affected: 3.5.0 Affected: 3.4 Patch 4 Affected: 3.3 Patch 8 Affected: 3.5 Patch 1 Affected: 3.3 Patch 9 Affected: 3.4 Patch 5 Affected: 3.5 Patch 3 Affected: 3.5 Patch 2 Affected: 3.3 Patch 10 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20195",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-06T17:34:47.638851Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T17:48:38.355Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Identity Services Engine Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.3 Patch 2"
},
{
"status": "affected",
"version": "3.3 Patch 1"
},
{
"status": "affected",
"version": "3.3 Patch 3"
},
{
"status": "affected",
"version": "3.4.0"
},
{
"status": "affected",
"version": "3.3 Patch 4"
},
{
"status": "affected",
"version": "3.4 Patch 1"
},
{
"status": "affected",
"version": "3.3 Patch 5"
},
{
"status": "affected",
"version": "3.3 Patch 6"
},
{
"status": "affected",
"version": "3.4 Patch 2"
},
{
"status": "affected",
"version": "3.3 Patch 7"
},
{
"status": "affected",
"version": "3.4 Patch 3"
},
{
"status": "affected",
"version": "3.5.0"
},
{
"status": "affected",
"version": "3.4 Patch 4"
},
{
"status": "affected",
"version": "3.3 Patch 8"
},
{
"status": "affected",
"version": "3.5 Patch 1"
},
{
"status": "affected",
"version": "3.3 Patch 9"
},
{
"status": "affected",
"version": "3.4 Patch 5"
},
{
"status": "affected",
"version": "3.5 Patch 3"
},
{
"status": "affected",
"version": "3.5 Patch 2"
},
{
"status": "affected",
"version": "3.3 Patch 10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device.\r\n\r\nThis vulnerability exists because error messages are observed when the affected API endpoint is called. An attacker could exploit this vulnerability by sending a series of crafted requests to the affected endpoint and analyzing the differentiated responses. A successful exploit could allow the attacker to compile a list of valid usernames on an affected system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "Observable Response Discrepancy",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T16:14:54.611Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ise-unauth-bypass-uxjRXGpb",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-bypass-uxjRXGpb"
}
],
"source": {
"advisory": "cisco-sa-ise-unauth-bypass-uxjRXGpb",
"defects": [
"CSCwr77445"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Identity Services Engine Observable Response Discrepancy Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20195",
"datePublished": "2026-05-06T16:14:54.611Z",
"dateReserved": "2025-10-08T11:59:15.396Z",
"dateUpdated": "2026-05-06T17:48:38.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20136 (GCVE-0-2026-20136)
Vulnerability from cvelistv5 – Published: 2026-04-15 16:11 – Updated: 2026-04-16 03:55
VLAI
Title
Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability
Summary
A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating system and elevate privileges to root.
This vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability by providing crafted input to a specific CLI command. A successful exploit could allow the attacker to elevate their privileges to root on the underlying operating system.
Severity
6 (Medium)
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Identity Services Engine Software |
Affected:
3.1.0
Affected: 3.1.0 p1 Affected: 3.1.0 p3 Affected: 3.1.0 p2 Affected: 3.2.0 Affected: 3.1.0 p4 Affected: 3.1.0 p5 Affected: 3.2.0 p1 Affected: 3.1.0 p6 Affected: 3.2.0 p2 Affected: 3.1.0 p7 Affected: 3.3.0 Affected: 3.2.0 p3 Affected: 3.2.0 p4 Affected: 3.1.0 p8 Affected: 3.2.0 p5 Affected: 3.2.0 p6 Affected: 3.1.0 p9 Affected: 3.3 Patch 2 Affected: 3.3 Patch 1 Affected: 3.3 Patch 3 Affected: 3.4.0 Affected: 3.2.0 p7 Affected: 3.3 Patch 4 Affected: 3.4 Patch 1 Affected: 3.1.0 p10 Affected: 3.3 Patch 5 Affected: 3.3 Patch 6 Affected: 3.4 Patch 2 Affected: 3.3 Patch 7 Affected: 3.4 Patch 3 Affected: 3.5.0 Affected: 3.4 Patch 4 Affected: 3.3 Patch 8 Affected: 3.2 Patch 8 Affected: 3.5 Patch 1 Affected: 3.3 Patch 9 Affected: 3.2 Patch 9 Affected: 3.4 Patch 5 Affected: 3.5 Patch 2 Affected: 3.3 Patch 10 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20136",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T03:55:30.918Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Identity Services Engine Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.1.0 p1"
},
{
"status": "affected",
"version": "3.1.0 p3"
},
{
"status": "affected",
"version": "3.1.0 p2"
},
{
"status": "affected",
"version": "3.2.0"
},
{
"status": "affected",
"version": "3.1.0 p4"
},
{
"status": "affected",
"version": "3.1.0 p5"
},
{
"status": "affected",
"version": "3.2.0 p1"
},
{
"status": "affected",
"version": "3.1.0 p6"
},
{
"status": "affected",
"version": "3.2.0 p2"
},
{
"status": "affected",
"version": "3.1.0 p7"
},
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.2.0 p3"
},
{
"status": "affected",
"version": "3.2.0 p4"
},
{
"status": "affected",
"version": "3.1.0 p8"
},
{
"status": "affected",
"version": "3.2.0 p5"
},
{
"status": "affected",
"version": "3.2.0 p6"
},
{
"status": "affected",
"version": "3.1.0 p9"
},
{
"status": "affected",
"version": "3.3 Patch 2"
},
{
"status": "affected",
"version": "3.3 Patch 1"
},
{
"status": "affected",
"version": "3.3 Patch 3"
},
{
"status": "affected",
"version": "3.4.0"
},
{
"status": "affected",
"version": "3.2.0 p7"
},
{
"status": "affected",
"version": "3.3 Patch 4"
},
{
"status": "affected",
"version": "3.4 Patch 1"
},
{
"status": "affected",
"version": "3.1.0 p10"
},
{
"status": "affected",
"version": "3.3 Patch 5"
},
{
"status": "affected",
"version": "3.3 Patch 6"
},
{
"status": "affected",
"version": "3.4 Patch 2"
},
{
"status": "affected",
"version": "3.3 Patch 7"
},
{
"status": "affected",
"version": "3.4 Patch 3"
},
{
"status": "affected",
"version": "3.5.0"
},
{
"status": "affected",
"version": "3.4 Patch 4"
},
{
"status": "affected",
"version": "3.3 Patch 8"
},
{
"status": "affected",
"version": "3.2 Patch 8"
},
{
"status": "affected",
"version": "3.5 Patch 1"
},
{
"status": "affected",
"version": "3.3 Patch 9"
},
{
"status": "affected",
"version": "3.2 Patch 9"
},
{
"status": "affected",
"version": "3.4 Patch 5"
},
{
"status": "affected",
"version": "3.5 Patch 2"
},
{
"status": "affected",
"version": "3.3 Patch 10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the\u0026nbsp;CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating system and elevate privileges to root.\r\n\r\nThis vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability by providing crafted input to a specific CLI command. A successful exploit could allow the attacker to elevate their privileges to root on the underlying operating system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "Improper Encoding or Escaping of Output",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T16:11:29.398Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ise-cmd-inj-5WSJcYJB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-cmd-inj-5WSJcYJB"
}
],
"source": {
"advisory": "cisco-sa-ise-cmd-inj-5WSJcYJB",
"defects": [
"CSCwp98770"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20136",
"datePublished": "2026-04-15T16:11:29.398Z",
"dateReserved": "2025-10-08T11:59:15.381Z",
"dateUpdated": "2026-04-16T03:55:30.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20059 (GCVE-0-2026-20059)
Vulnerability from cvelistv5 – Published: 2026-04-15 16:11 – Updated: 2026-04-15 16:56
VLAI
Title
Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface.
This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Severity
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Unity Connection |
Affected:
14
Affected: 14SU1 Affected: 14SU2 Affected: 14SU3 Affected: 14SU3a Affected: 15 Affected: 15SU1 Affected: 14SU4 Affected: 15SU2 Affected: 15SU3 Affected: 14SU5 Affected: 15SU4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20059",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T16:41:31.162559Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T16:56:33.949Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unity Connection",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "14SU3"
},
{
"status": "affected",
"version": "14SU3a"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "15SU1"
},
{
"status": "affected",
"version": "14SU4"
},
{
"status": "affected",
"version": "15SU2"
},
{
"status": "affected",
"version": "15SU3"
},
{
"status": "affected",
"version": "14SU5"
},
{
"status": "affected",
"version": "15SU4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T16:11:22.828Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-unity-vulns-n2EJSbbw",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-vulns-n2EJSbbw"
}
],
"source": {
"advisory": "cisco-sa-unity-vulns-n2EJSbbw",
"defects": [
"CSCwq36822"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20059",
"datePublished": "2026-04-15T16:11:22.828Z",
"dateReserved": "2025-10-08T11:59:15.356Z",
"dateUpdated": "2026-04-15T16:56:33.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20061 (GCVE-0-2026-20061)
Vulnerability from cvelistv5 – Published: 2026-04-15 16:11 – Updated: 2026-04-15 16:56
VLAI
Title
Cisco Unity Connection SQL Injection Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP(S) request to the web-based management interface of an affected device. A successful exploit could allow the attacker to view data on the affected device.
Severity
4.3 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Unity Connection |
Affected:
14
Affected: 14SU1 Affected: 14SU2 Affected: 14SU3 Affected: 14SU3a Affected: 15 Affected: 15SU1 Affected: 14SU4 Affected: 15SU2 Affected: 15SU3 Affected: 14SU5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20061",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T16:42:14.106646Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T16:56:34.089Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unity Connection",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "14SU3"
},
{
"status": "affected",
"version": "14SU3a"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "15SU1"
},
{
"status": "affected",
"version": "14SU4"
},
{
"status": "affected",
"version": "15SU2"
},
{
"status": "affected",
"version": "15SU3"
},
{
"status": "affected",
"version": "14SU5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP(S) request to the web-based management interface of an affected device. A successful exploit could allow the attacker to view data on the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T16:11:20.865Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-unity-vulns-n2EJSbbw",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-vulns-n2EJSbbw"
}
],
"source": {
"advisory": "cisco-sa-unity-vulns-n2EJSbbw",
"defects": [
"CSCwq36796"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Unity Connection SQL Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20061",
"datePublished": "2026-04-15T16:11:20.865Z",
"dateReserved": "2025-10-08T11:59:15.356Z",
"dateUpdated": "2026-04-15T16:56:34.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20060 (GCVE-0-2026-20060)
Vulnerability from cvelistv5 – Published: 2026-04-15 16:11 – Updated: 2026-04-15 16:56
VLAI
Title
Cisco Unity Connection Open Redirect Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.
This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious web page.
Severity
4.7 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Unity Connection |
Affected:
14
Affected: 14SU1 Affected: 14SU2 Affected: 14SU3 Affected: 14SU3a Affected: 15 Affected: 15SU1 Affected: 14SU4 Affected: 15SU2 Affected: 15SU3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20060",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T16:42:33.155641Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T16:56:34.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unity Connection",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "14SU3"
},
{
"status": "affected",
"version": "14SU3a"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "15SU1"
},
{
"status": "affected",
"version": "14SU4"
},
{
"status": "affected",
"version": "15SU2"
},
{
"status": "affected",
"version": "15SU3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.\r\n\r\nThis vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious web page."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T16:11:20.842Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-unity-vulns-n2EJSbbw",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-vulns-n2EJSbbw"
}
],
"source": {
"advisory": "cisco-sa-unity-vulns-n2EJSbbw",
"defects": [
"CSCwq36828"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Unity Connection Open Redirect Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20060",
"datePublished": "2026-04-15T16:11:20.842Z",
"dateReserved": "2025-10-08T11:59:15.356Z",
"dateUpdated": "2026-04-15T16:56:34.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20170 (GCVE-0-2026-20170)
Vulnerability from cvelistv5 – Published: 2026-04-15 16:10 – Updated: 2026-04-15 16:56
VLAI
Summary
A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has addressed this vulnerability in the Cisco Webex Contact Center service, and no customer action is needed.
This vulnerability existed because HTML and script content was not properly handled. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to follow a malicious link. A successful exploit could have allowed the attacker to steal sensitive information from the browser, including authentication and session information.
Severity
6.1 (Medium)
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Webex Contact Center |
Affected:
N/A
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20170",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T16:42:50.336172Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T16:56:34.563Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Webex Contact Center",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has addressed this vulnerability in the Cisco Webex Contact Center service, and no customer action is needed.\r\n\r This vulnerability existed because HTML and script content was not properly handled. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to follow a malicious link. A successful exploit could have allowed the attacker to steal sensitive information from the browser, including authentication and session information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T16:10:03.920Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-webexcc-xss-WEX5nUnA",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webexcc-xss-WEX5nUnA"
}
],
"source": {
"advisory": "cisco-sa-webexcc-xss-WEX5nUnA",
"defects": [
"CSCwt50296"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20170",
"datePublished": "2026-04-15T16:10:03.920Z",
"dateReserved": "2025-10-08T11:59:15.391Z",
"dateUpdated": "2026-04-15T16:56:34.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20184 (GCVE-0-2026-20184)
Vulnerability from cvelistv5 – Published: 2026-04-15 16:03 – Updated: 2026-04-16 19:07
VLAI
Title
Cisco Webex Meetings Certificate Validation Vulnerability
Summary
A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service.
This vulnerability existed because of improper certificate validation. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token. A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services.
Severity
9.8 (Critical)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Webex Meetings |
Affected:
39.7.7
Affected: 39.9 Affected: 40.4.10 Affected: 39.6 Affected: 40.6.2 Affected: 39.8.2 Affected: 39.8.4 Affected: 40.1 Affected: 39.11 Affected: 39.7.4 Affected: 39.9.1 Affected: 40.4 Affected: 40.6 Affected: 39.7 Affected: 39.8 Affected: 39.8.3 Affected: 40.2 Affected: 39.10 Affected: 42.6 Affected: 42.7 Affected: 42.8 Affected: 42.9 Affected: 42.10 Affected: 42.11 Affected: 42.12 Affected: 43.1 Affected: 43.2 Affected: 43.3 Affected: 43.4 Affected: 43.4.1 Affected: 43.4.2 Affected: 43.5.0 Affected: 43.6.0 Affected: 43.6.1 Affected: 43.7 Affected: 43.8 Affected: 43.9 Affected: 43.10 Affected: 43.11 Affected: 43.12 Affected: 44.1 Affected: 44.2 Affected: 44.3 Affected: 44.4 Affected: 44.5 Affected: 44.6 Affected: 44.7 Affected: 44.8 Affected: 44.9 Affected: 44.10 Affected: 44.11 Affected: 44.12 Affected: 45.1 Affected: 45.2 Affected: 45.3 Affected: 45.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20184",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T03:55:32.095Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Webex Meetings",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "39.7.7"
},
{
"status": "affected",
"version": "39.9"
},
{
"status": "affected",
"version": "40.4.10"
},
{
"status": "affected",
"version": "39.6"
},
{
"status": "affected",
"version": "40.6.2"
},
{
"status": "affected",
"version": "39.8.2"
},
{
"status": "affected",
"version": "39.8.4"
},
{
"status": "affected",
"version": "40.1"
},
{
"status": "affected",
"version": "39.11"
},
{
"status": "affected",
"version": "39.7.4"
},
{
"status": "affected",
"version": "39.9.1"
},
{
"status": "affected",
"version": "40.4"
},
{
"status": "affected",
"version": "40.6"
},
{
"status": "affected",
"version": "39.7"
},
{
"status": "affected",
"version": "39.8"
},
{
"status": "affected",
"version": "39.8.3"
},
{
"status": "affected",
"version": "40.2"
},
{
"status": "affected",
"version": "39.10"
},
{
"status": "affected",
"version": "42.6"
},
{
"status": "affected",
"version": "42.7"
},
{
"status": "affected",
"version": "42.8"
},
{
"status": "affected",
"version": "42.9"
},
{
"status": "affected",
"version": "42.10"
},
{
"status": "affected",
"version": "42.11"
},
{
"status": "affected",
"version": "42.12"
},
{
"status": "affected",
"version": "43.1"
},
{
"status": "affected",
"version": "43.2"
},
{
"status": "affected",
"version": "43.3"
},
{
"status": "affected",
"version": "43.4"
},
{
"status": "affected",
"version": "43.4.1"
},
{
"status": "affected",
"version": "43.4.2"
},
{
"status": "affected",
"version": "43.5.0"
},
{
"status": "affected",
"version": "43.6.0"
},
{
"status": "affected",
"version": "43.6.1"
},
{
"status": "affected",
"version": "43.7"
},
{
"status": "affected",
"version": "43.8"
},
{
"status": "affected",
"version": "43.9"
},
{
"status": "affected",
"version": "43.10"
},
{
"status": "affected",
"version": "43.11"
},
{
"status": "affected",
"version": "43.12"
},
{
"status": "affected",
"version": "44.1"
},
{
"status": "affected",
"version": "44.2"
},
{
"status": "affected",
"version": "44.3"
},
{
"status": "affected",
"version": "44.4"
},
{
"status": "affected",
"version": "44.5"
},
{
"status": "affected",
"version": "44.6"
},
{
"status": "affected",
"version": "44.7"
},
{
"status": "affected",
"version": "44.8"
},
{
"status": "affected",
"version": "44.9"
},
{
"status": "affected",
"version": "44.10"
},
{
"status": "affected",
"version": "44.11"
},
{
"status": "affected",
"version": "44.12"
},
{
"status": "affected",
"version": "45.1"
},
{
"status": "affected",
"version": "45.2"
},
{
"status": "affected",
"version": "45.3"
},
{
"status": "affected",
"version": "45.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service.\r\n\r\nThis vulnerability existed because of improper certificate validation. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token. A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "Improper Certificate Validation",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T19:07:14.461Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-webex-cui-cert-8jSZYhWL",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL"
}
],
"source": {
"advisory": "cisco-sa-webex-cui-cert-8jSZYhWL",
"defects": [
"CSCwt37111"
],
"discovery": "INTERNAL"
},
"title": "Cisco Webex Meetings Certificate Validation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20184",
"datePublished": "2026-04-15T16:03:59.646Z",
"dateReserved": "2025-10-08T11:59:15.394Z",
"dateUpdated": "2026-04-16T19:07:14.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20180 (GCVE-0-2026-20180)
Vulnerability from cvelistv5 – Published: 2026-04-15 16:03 – Updated: 2026-04-16 03:55
VLAI
Title
Cisco Identity Services Engine Multiple Remote Code Execution Vulnerability
Summary
A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.
Severity
9.9 (Critical)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Identity Services Engine Software |
Affected:
3.1.0
Affected: 3.1.0 p1 Affected: 3.1.0 p3 Affected: 3.1.0 p2 Affected: 3.2.0 Affected: 3.1.0 p4 Affected: 3.1.0 p5 Affected: 3.2.0 p1 Affected: 3.1.0 p6 Affected: 3.2.0 p2 Affected: 3.1.0 p7 Affected: 3.3.0 Affected: 3.2.0 p3 Affected: 3.2.0 p4 Affected: 3.1.0 p8 Affected: 3.2.0 p5 Affected: 3.2.0 p6 Affected: 3.1.0 p9 Affected: 3.3 Patch 2 Affected: 3.3 Patch 1 Affected: 3.3 Patch 3 Affected: 3.4.0 Affected: 3.2.0 p7 Affected: 3.3 Patch 4 Affected: 3.4 Patch 1 Affected: 3.1.0 p10 Affected: 3.3 Patch 5 Affected: 3.3 Patch 6 Affected: 3.4 Patch 2 Affected: 3.3 Patch 7 Affected: 3.4 Patch 3 Affected: 3.5.0 Affected: 3.2 Patch 8 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20180",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T03:55:33.630Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Identity Services Engine Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.1.0 p1"
},
{
"status": "affected",
"version": "3.1.0 p3"
},
{
"status": "affected",
"version": "3.1.0 p2"
},
{
"status": "affected",
"version": "3.2.0"
},
{
"status": "affected",
"version": "3.1.0 p4"
},
{
"status": "affected",
"version": "3.1.0 p5"
},
{
"status": "affected",
"version": "3.2.0 p1"
},
{
"status": "affected",
"version": "3.1.0 p6"
},
{
"status": "affected",
"version": "3.2.0 p2"
},
{
"status": "affected",
"version": "3.1.0 p7"
},
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.2.0 p3"
},
{
"status": "affected",
"version": "3.2.0 p4"
},
{
"status": "affected",
"version": "3.1.0 p8"
},
{
"status": "affected",
"version": "3.2.0 p5"
},
{
"status": "affected",
"version": "3.2.0 p6"
},
{
"status": "affected",
"version": "3.1.0 p9"
},
{
"status": "affected",
"version": "3.3 Patch 2"
},
{
"status": "affected",
"version": "3.3 Patch 1"
},
{
"status": "affected",
"version": "3.3 Patch 3"
},
{
"status": "affected",
"version": "3.4.0"
},
{
"status": "affected",
"version": "3.2.0 p7"
},
{
"status": "affected",
"version": "3.3 Patch 4"
},
{
"status": "affected",
"version": "3.4 Patch 1"
},
{
"status": "affected",
"version": "3.1.0 p10"
},
{
"status": "affected",
"version": "3.3 Patch 5"
},
{
"status": "affected",
"version": "3.3 Patch 6"
},
{
"status": "affected",
"version": "3.4 Patch 2"
},
{
"status": "affected",
"version": "3.3 Patch 7"
},
{
"status": "affected",
"version": "3.4 Patch 3"
},
{
"status": "affected",
"version": "3.5.0"
},
{
"status": "affected",
"version": "3.2 Patch 8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to\u0026nbsp;root. In single-node ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T16:03:51.335Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ise-rce-4fverepv",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv"
}
],
"source": {
"advisory": "cisco-sa-ise-rce-4fverepv",
"defects": [
"CSCwq22993"
],
"discovery": "INTERNAL"
},
"title": "Cisco Identity Services Engine Multiple Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20180",
"datePublished": "2026-04-15T16:03:51.335Z",
"dateReserved": "2025-10-08T11:59:15.393Z",
"dateUpdated": "2026-04-16T03:55:33.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}