AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

🔥 This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)

CVE-2026-20122: Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability

infovulnerability🔥 Actively Exploited

security

Source: CISA Known Exploited VulnerabilitiesApril 19, 2026CVE-2026-20122

Summary

Cisco Catalyst SD-WAN Manager has a vulnerability where improper handling of files on its API interface allows attackers to upload malicious files and overwrite arbitrary files on the system, potentially gaining vmanage (virtual management) user privileges. This vulnerability is currently being actively exploited in the wild. The issue stems from incorrect use of privileged APIs (special functions that have elevated permissions to perform sensitive operations).

Solution / Mitigation

According to CISA, organizations should adhere to CISA Emergency Directive 26-03 to assess exposure and mitigate risks on Cisco SD-WAN devices, follow CISA's Hunt & Hardening Guidance for Cisco SD-WAN Devices, and apply applicable BOD 22-01 guidance for cloud services. If mitigations are not available, discontinue use of the product. The due date for completing these actions is 2026-04-23.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.0%

Patch Available

Yes

Exploit Maturity

🔥 Actively Exploited

Disclosure Date

April 19, 2026

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-648

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-20122

First tracked: April 20, 2026 at 08:00 PM

Classified by LLM (prompt v3) · confidence: 95%