{"id":"CVE-2026-20129","details":"A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has the netadmin role.\r\n\r\nThe vulnerability is due to improper authentication for requests that are sent to the API. An attacker could exploit this vulnerability by sending a crafted request to the API of an affected system. A successful exploit could allow the attacker to execute commands with the privileges of the netadmin role.\r\nNote: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability. ","modified":"2026-03-13T04:03:04.158452Z","published":"2026-02-25T17:25:30.343Z","references":[{"type":"ADVISORY","url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"20.9.8.2"}]},{"events":[{"introduced":"20.11"},{"fixed":"20.12.5.3"}]},{"events":[{"introduced":"20.13"},{"fixed":"20.15.4.2"}]},{"events":[{"introduced":"20.16"},{"fixed":"20.18"}]},{"events":[{"introduced":"0"},{"last_affected":"20.12.6"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-20129.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}