THREAT OPS › CVEs › CVE-2026-20128
CVE-2026-20128 — Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability
Cisco Catalyst SD-WAN Manager contains a storing passwords in a recoverable format vulnerability that allows an authenticated, local attacker to gain DCA user privileges by accessing a credential file for the DCA user on the filesystem as a low-privileged user.
Vulnerability details
- Affected productsCatalyst SD-WAN Manager
- KEV remediation due2026-04-23
Related reporting
- Cisco Catalyst SD-WAN Vulnerabilitiescisco_psirt
- April 2026 CVE Landscaperecordedfuture