cvedb.io
CVE-2026-20224
HIGH · CVSS 8.6
EPSS exploitation probability: 0%
Published 2026-05-14T17:16:20.353 · Last modified 2026-06-29T14:51:28.800

Summary

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to read arbitrary files that are stored in an affected system. The attacker does not need to have valid user credentials. This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to read arbitrary files that are stored in the affected system.

Affected products

cisco — catalyst_sd-wan_manager

Does this affect you?

Add your gear to cvedb and we'll alert you only when cisco ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.