CVE-2026-20209: Logging of Excessive Data in Cisco Cisco Catalyst SD-WAN Manager
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to elevate their privileges from low to high and perform actions as a high-privileged user. This vulnerability exists because sensitive session information is recorded in audit logs. An attacker could exploit this vulnerability by elevating their read-only permissions in Cisco Catalyst SD-WAN Manager to those of a high-privileged user. A successful exploit could allow the attacker to perform actions as a high-privileged user.
AI Analysis
Technical Summary
This vulnerability in Cisco Catalyst SD-WAN Manager's web UI allows an authenticated user with read-only access to escalate privileges to a high-privileged user by exploiting the logging of sensitive session information in audit logs. The issue arises from excessive data being recorded, which can be leveraged to elevate permissions and perform high-privilege actions. The CVSS 3.1 base score is 5.4 (medium severity), reflecting network attack vector, low attack complexity, required privileges, no user interaction, and limited confidentiality and integrity impact. The vulnerability is present in many versions of the product, but no patch or official fix has been documented in the provided data.
Potential Impact
An attacker with authenticated read-only access to Cisco Catalyst SD-WAN Manager could exploit this vulnerability to gain high-privileged user capabilities, potentially allowing unauthorized actions within the system. The confidentiality and integrity of the system could be compromised, but availability is not affected. There are no known exploits in the wild, and the impact is limited to environments where an attacker already has read-only access.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, organizations should carefully control and monitor access to Cisco Catalyst SD-WAN Manager, limiting read-only user permissions and audit log access to trusted personnel only. No vendor advisory or patch links are currently available to indicate an official fix or temporary mitigation.
CVE-2026-20209: Logging of Excessive Data in Cisco Cisco Catalyst SD-WAN Manager
Description
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to elevate their privileges from low to high and perform actions as a high-privileged user. This vulnerability exists because sensitive session information is recorded in audit logs. An attacker could exploit this vulnerability by elevating their read-only permissions in Cisco Catalyst SD-WAN Manager to those of a high-privileged user. A successful exploit could allow the attacker to perform actions as a high-privileged user.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in Cisco Catalyst SD-WAN Manager's web UI allows an authenticated user with read-only access to escalate privileges to a high-privileged user by exploiting the logging of sensitive session information in audit logs. The issue arises from excessive data being recorded, which can be leveraged to elevate permissions and perform high-privilege actions. The CVSS 3.1 base score is 5.4 (medium severity), reflecting network attack vector, low attack complexity, required privileges, no user interaction, and limited confidentiality and integrity impact. The vulnerability is present in many versions of the product, but no patch or official fix has been documented in the provided data.
Potential Impact
An attacker with authenticated read-only access to Cisco Catalyst SD-WAN Manager could exploit this vulnerability to gain high-privileged user capabilities, potentially allowing unauthorized actions within the system. The confidentiality and integrity of the system could be compromised, but availability is not affected. There are no known exploits in the wild, and the impact is limited to environments where an attacker already has read-only access.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, organizations should carefully control and monitor access to Cisco Catalyst SD-WAN Manager, limiting read-only user permissions and audit log access to trusted personnel only. No vendor advisory or patch links are currently available to indicate an official fix or temporary mitigation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- cisco
- Date Reserved
- 2025-10-08T11:59:15.398Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a05fd9fec166c07b0f93168
Added to database: 5/14/2026, 4:51:43 PM
Last enriched: 5/14/2026, 5:08:36 PM
Last updated: 5/15/2026, 6:28:21 AM
Views: 9
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.