ID

VAR-202605-6706


CVE

CVE-2026-20224


TITLE

Input validation vulnerability in Cisco Systems Cisco Catalyst SD-WAN Manager

Trust: 0.8

sources: JVNDB: JVNDB-2026-021606

DESCRIPTION

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to read arbitrary files that are stored in an affected system. The attacker does not need to have valid user credentials. This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to read arbitrary files that are stored in the affected system.

- No rewriting will occur to the information handled by the software.
- The software will not stop

Trust: 1.62

sources: NVD: CVE-2026-20224 // JVNDB: JVNDB-2026-021606

AFFECTED PRODUCTS

vendor: cisco | model: catalyst sd-wan manager | scope: lt | version: 26.1.1.1

Trust: 1.0

vendor: cisco | model: catalyst sd-wan manager | scope: lt | version: 20.15.4.4

Trust: 1.0

vendor: cisco | model: catalyst sd-wan manager | scope: lt | version: 20.12.5.4

Trust: 1.0

vendor: cisco | model: catalyst sd-wan manager | scope: gte | version: 20.12.6

Trust: 1.0

vendor: cisco | model: catalyst sd-wan manager | scope: gte | version: 20.16

Trust: 1.0

vendor: cisco | model: catalyst sd-wan manager | scope: gte | version: 20.15.5

Trust: 1.0

vendor: cisco | model: catalyst sd-wan manager | scope: lt | version: 20.18.2.2

Trust: 1.0

vendor: cisco | model: catalyst sd-wan manager | scope: gte | version: 26.1

Trust: 1.0

vendor: cisco | model: catalyst sd-wan manager | scope: eq | version: 20.12.7

Trust: 1.0

vendor: cisco | model: catalyst sd-wan manager | scope: gte | version: 20.10

Trust: 1.0

vendor: cisco | model: catalyst sd-wan manager | scope: gte | version: 20.13

Trust: 1.0

vendor: cisco | model: catalyst sd-wan manager | scope: lt | version: 20.9.9.1

Trust: 1.0

vendor: cisco | model: catalyst sd-wan manager | scope: lt | version: 20.15.5.2

Trust: 1.0

vendor: cisco | model: catalyst sd-wan manager | scope: lt | version: 20.12.6.2

Trust: 1.0

vendor: Cisco Systems | model: cisco catalyst sd-wan manager | scope: eq | version: 20.16 that's all 20.18.2.2

Trust: 0.8

vendor: Cisco Systems | model: cisco catalyst sd-wan manager | scope: eq | version: 20.13 that's all 20.15.4.4

Trust: 0.8

vendor: Cisco Systems | model: cisco catalyst sd-wan manager | scope: eq | version: 20.15.5 that's all 20.15.5.2

Trust: 0.8

vendor: Cisco Systems | model: cisco catalyst sd-wan manager | scope: eq | version: 20.12.7

Trust: 0.8

vendor: Cisco Systems | model: cisco catalyst sd-wan manager | scope: eq | version: 20.12.6 that's all 20.12.6.2

Trust: 0.8

vendor: Cisco Systems | model: cisco catalyst sd-wan manager | scope: eq | version: -

Trust: 0.8

vendor: Cisco Systems | model: cisco catalyst sd-wan manager | scope: eq | version: 20.9.9.1

Trust: 0.8

vendor: Cisco Systems | model: cisco catalyst sd-wan manager | scope: eq | version: 20.10 that's all 20.12.5.4

Trust: 0.8

vendor: Cisco Systems | model: cisco catalyst sd-wan manager | scope: - | version: -

Trust: 0.8

vendor: Cisco Systems | model: cisco catalyst sd-wan manager | scope: eq | version: 26.1 that's all 26.1.1.1

Trust: 0.8

sources: JVNDB: JVNDB-2026-021606 // NVD: CVE-2026-20224

CVSS

SEVERITY

psirt@cisco.com: CVE-2026-20224
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-021606
value: HIGH

Trust: 0.8

CVSSV2

CVSSV3

psirt@cisco.com: CVE-2026-20224
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

OTHER: JVNDB-2026-021606
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-021606 // NVD: CVE-2026-20224

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.0

problemtype: Improper input validation (CWE-20) [ other ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-021606 // NVD: CVE-2026-20224

PATCH

title: Cisco Catalyst SD-WAN Manager Vulnerabilities | url: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-mltvnps2-JxpWm7R

Trust: 0.8

sources: JVNDB: JVNDB-2026-021606

EXTERNAL IDS

db: NVD | id: CVE-2026-20224

Trust: 2.6

db: JVNDB | id: JVNDB-2026-021606

Trust: 0.8

sources: JVNDB: JVNDB-2026-021606 // NVD: CVE-2026-20224

REFERENCES

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-rpa-ehchtzk

Trust: 1.0

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-mltvnps2-jxpwm7r

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-20224

Trust: 0.8

sources: JVNDB: JVNDB-2026-021606 // NVD: CVE-2026-20224

SOURCES

db: JVNDB | id: JVNDB-2026-021606
db: NVD | id: CVE-2026-20224

LAST UPDATE DATE

2026-07-04T23:42:29.263000+00:00


SOURCES UPDATE DATE

db: JVNDB | id: JVNDB-2026-021606 | date: 2026-06-30T02:22:00
db: NVD | id: CVE-2026-20224 | date: 2026-06-29T14:51:28.800

SOURCES RELEASE DATE

db: JVNDB | id: JVNDB-2026-021606 | date: 2026-06-30T00:00:00
db: NVD | id: CVE-2026-20224 | date: 2026-05-14T17:16:20.353