8.6

CVE-2026-20224

Cisco Catalyst SD-WAN Manager XML External Entity Injection Vulnerability

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to read arbitrary files that are stored in an affected system. The attacker does not need to have valid user credentials.

This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to read arbitrary files that are stored in the affected system.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor Cisco
Product Cisco Catalyst SD-WAN Manager
Default Status unknown
Version 20.1.12
Status affected
Version 19.2.1
Status affected
Version 18.4.4
Status affected
Version 18.4.5
Status affected
Version 20.1.1.1
Status affected
Version 20.1.1
Status affected
Version 19.3.0
Status affected
Version 19.2.2
Status affected
Version 19.2.099
Status affected
Version 18.3.6
Status affected
Version 18.3.7
Status affected
Version 19.2.0
Status affected
Version 18.3.8
Status affected
Version 19.0.0
Status affected
Version 19.1.0
Status affected
Version 18.4.302
Status affected
Version 18.4.303
Status affected
Version 19.2.097
Status affected
Version 19.2.098
Status affected
Version 17.2.10
Status affected
Version 18.3.6.1
Status affected
Version 19.0.1a
Status affected
Version 18.2.0
Status affected
Version 18.4.3
Status affected
Version 18.4.1
Status affected
Version 17.2.8
Status affected
Version 18.3.3.1
Status affected
Version 18.4.0
Status affected
Version 18.3.1
Status affected
Version 17.2.6
Status affected
Version 17.2.9
Status affected
Version 18.3.4
Status affected
Version 17.2.5
Status affected
Version 18.3.1.1
Status affected
Version 18.3.5
Status affected
Version 18.4.0.1
Status affected
Version 18.3.3
Status affected
Version 17.2.7
Status affected
Version 17.2.4
Status affected
Version 18.3.0
Status affected
Version 19.2.3
Status affected
Version 18.4.501_ES
Status affected
Version 20.3.1
Status affected
Version 20.1.2
Status affected
Version 19.2.929
Status affected
Version 19.2.31
Status affected
Version 20.3.2
Status affected
Version 19.2.32
Status affected
Version 20.3.2_925
Status affected
Version 20.3.2.1
Status affected
Version 20.3.2.1_927
Status affected
Version 18.4.6
Status affected
Version 20.1.2_937
Status affected
Version 20.4.1
Status affected
Version 20.3.2_928
Status affected
Version 20.3.2_929
Status affected
Version 20.4.1.0.1
Status affected
Version 20.3.2.1_930
Status affected
Version 19.2.4
Status affected
Version 20.5.0.1.1
Status affected
Version 20.4.1.1
Status affected
Version 20.3.3
Status affected
Version 19.2.4.0.1
Status affected
Version 20.3.2_937
Status affected
Version 20.3.3.1
Status affected
Version 20.5.1
Status affected
Version 20.1.3
Status affected
Version 20.3.3.0.4
Status affected
Version 20.3.3.1.2
Status affected
Version 20.3.3.1.1
Status affected
Version 20.4.1.2
Status affected
Version 20.3.3.0.2
Status affected
Version 20.4.1.1.5
Status affected
Version 20.4.1.0.01
Status affected
Version 20.4.1.0.02
Status affected
Version 20.3.3.1.7
Status affected
Version 20.3.3.1.5
Status affected
Version 20.5.1.0.1
Status affected
Version 20.3.3.1.10
Status affected
Version 20.3.3.0.8
Status affected
Version 20.4.2
Status affected
Version 20.4.2.0.1
Status affected
Version 20.3.4
Status affected
Version 20.3.3.0.14
Status affected
Version 19.2.4.0.8
Status affected
Version 19.2.4.0.9
Status affected
Version 20.3.4.0.1
Status affected
Version 20.3.2.0.5
Status affected
Version 20.6.1
Status affected
Version 20.5.1.0.2
Status affected
Version 20.3.3.0.17
Status affected
Version 20.6.1.1
Status affected
Version 20.6.0.18.3
Status affected
Version 20.3.2.0.6
Status affected
Version 20.6.0.18.4
Status affected
Version 20.4.2.0.2
Status affected
Version 20.3.3.0.16
Status affected
Version 20.3.4.0.5
Status affected
Version 20.6.1.0.1
Status affected
Version 20.3.4.0.6
Status affected
Version 20.6.2
Status affected
Version 20.7.1EFT2
Status affected
Version 20.3.4.0.9
Status affected
Version 20.3.4.0.11
Status affected
Version 20.4.2.0.4
Status affected
Version 20.3.3.0.18
Status affected
Version 20.7.1
Status affected
Version 20.6.2.1
Status affected
Version 20.3.4.1
Status affected
Version 20.5.1.1
Status affected
Version 20.4.2.1
Status affected
Version 20.4.2.1.1
Status affected
Version 20.3.4.1.1
Status affected
Version 20.3.813
Status affected
Version 20.3.4.0.19
Status affected
Version 20.4.2.2.1
Status affected
Version 20.5.1.2
Status affected
Version 20.3.4.2
Status affected
Version 20.3.814
Status affected
Version 20.4.2.2
Status affected
Version 20.6.2.2
Status affected
Version 20.3.4.2.1
Status affected
Version 20.7.1.1
Status affected
Version 20.3.4.1.2
Status affected
Version 20.6.2.2.2
Status affected
Version 20.3.4.0.20
Status affected
Version 20.6.2.2.3
Status affected
Version 20.4.2.2.2
Status affected
Version 20.3.5
Status affected
Version 20.6.2.0.4
Status affected
Version 20.4.2.2.3
Status affected
Version 20.3.4.0.24
Status affected
Version 20.6.2.2.7
Status affected
Version 20.6.3
Status affected
Version 20.3.4.2.2
Status affected
Version 20.4.2.2.4
Status affected
Version 20.7.1.0.2
Status affected
Version 20.8.1
Status affected
Version 20.3.5.0.8
Status affected
Version 20.3.5.0.9
Status affected
Version 20.4.2.2.8
Status affected
Version 20.3.5.0.7
Status affected
Version 20.6.3.0.7
Status affected
Version 20.6.3.0.5
Status affected
Version 20.6.3.0.10
Status affected
Version 20.6.3.0.2
Status affected
Version 20.7.2
Status affected
Version 20.9.1EFT2
Status affected
Version 20.6.3.0.11
Status affected
Version 20.6.3.1
Status affected
Version 20.6.3.0.14
Status affected
Version 20.6.4
Status affected
Version 20.9.1
Status affected
Version 20.6.3.0.19
Status affected
Version 20.6.3.0.18
Status affected
Version 20.3.6
Status affected
Version 20.9.1.1
Status affected
Version 20.6.3.0.23
Status affected
Version 20.6.4.0.4
Status affected
Version 20.6.3.0.25
Status affected
Version 20.6.5
Status affected
Version 20.6.3.0.27
Status affected
Version 20.9.2
Status affected
Version 20.9.2.1
Status affected
Version 20.6.3.0.29
Status affected
Version 20.6.3.0.31
Status affected
Version 20.6.3.0.32
Status affected
Version 20.10.1
Status affected
Version 20.6.3.0.33
Status affected
Version 20.9.2.0.01
Status affected
Version 20.9.1_LI_Images
Status affected
Version 20.10.1_LI_Images
Status affected
Version 20.9.2_LI_Images
Status affected
Version 20.3.7
Status affected
Version 20.9.3
Status affected
Version 20.6.5.1
Status affected
Version 20.11.1
Status affected
Version 20.11.1_LI_Images
Status affected
Version 20.9.3_LI_ Images
Status affected
Version 20.6.3.1.1
Status affected
Version 20.9.3.0.2
Status affected
Version 20.6.5.1.2
Status affected
Version 20.9.3.0.3
Status affected
Version 20.4.2.3
Status affected
Version 20.6.3.2
Status affected
Version 20.6.4.1
Status affected
Version 20.6.3.0.38
Status affected
Version 20.6.3.0.39
Status affected
Version 20.3.5.1
Status affected
Version 20.3.4.3
Status affected
Version 20.9.3.1
Status affected
Version 20.3.3.2
Status affected
Version 20.6.5.2
Status affected
Version 20.3.7.1
Status affected
Version 20.10.1.1
Status affected
Version 20.6.5.2.1
Status affected
Version 20.3.4.0.25
Status affected
Version 20.6.2.2.4
Status affected
Version 20.6.1.2
Status affected
Version 20.11.1.1
Status affected
Version 20.9.3.0.5
Status affected
Version 20.3.4.0.26
Status affected
Version 20.6.5.1.3
Status affected
Version 20.6.3.0.40
Status affected
Version 20.1.3.1
Status affected
Version 20.9.2.2
Status affected
Version 20.6.5.2.3
Status affected
Version 20.6.5.1.4
Status affected
Version 20.6.5.3
Status affected
Version 20.6.3.0.41
Status affected
Version 20.9.3.0.7
Status affected
Version 20.6.5.1.5
Status affected
Version 20.9.3.0.4
Status affected
Version 20.6.4.0.19
Status affected
Version 20.6.5.1.6
Status affected
Version 20.9.3.0.8
Status affected
Version 20.6.3.3
Status affected
Version 20.3.7.2
Status affected
Version 20.6.5.4
Status affected
Version 20.6.5.1.7
Status affected
Version 20.9.3.0.12
Status affected
Version 20.6.4.2
Status affected
Version 20.6.5.5
Status affected
Version 20.9.3.2
Status affected
Version 20.11.1.2
Status affected
Version 20.6.3.4
Status affected
Version 20.10.1.2
Status affected
Version 20.6.5.1.9
Status affected
Version 20.9.3.0.16
Status affected
Version 20.6.3.0.45
Status affected
Version 20.6.5.1.10
Status affected
Version 20.9.3.0.17
Status affected
Version 20.6.5.2.4
Status affected
Version 20.6.4.0.21
Status affected
Version 20.9.3.0.18
Status affected
Version 20.6.3.0.46
Status affected
Version 20.6.3.0.47
Status affected
Version 20.9.2.3
Status affected
Version 20.9.3.2_LI_Images
Status affected
Version 20.9.3.0.21
Status affected
Version 20.9.3.0.20
Status affected
Version 20.9.4_LI_Images
Status affected
Version 20.9.4
Status affected
Version 20.6.5.1.11
Status affected
Version 20.12.1
Status affected
Version 20.12.1_LI_Images
Status affected
Version 20.6.5.1.13
Status affected
Version 20.9.3.0.23
Status affected
Version 20.6.5.2.8
Status affected
Version 20.9.4.1
Status affected
Version 20.9.4.1_LI_Images
Status affected
Version 20.9.3.0.25
Status affected
Version 20.9.3.0.24
Status affected
Version 20.6.5.1.14
Status affected
Version 20.3.8
Status affected
Version 20.6.6
Status affected
Version 20.9.3.0.26
Status affected
Version 20.6.3.0.51
Status affected
Version 20.9.3.0.29
Status affected
Version 20.12.2
Status affected
Version 20.12.2_LI_Images
Status affected
Version 20.6.6.0.1
Status affected
Version 20.13.1_LI_Images
Status affected
Version 20.9.4.0.4
Status affected
Version 20.13.1
Status affected
Version 20.9.4.1.1
Status affected
Version 20.9.5
Status affected
Version 20.9.5_LI_Images
Status affected
Version 20.12.3_LI_Images
Status affected
Version 20.12.3
Status affected
Version 20.9.4.1.3
Status affected
Version 20.6.7
Status affected
Version 20.9.5.1
Status affected
Version 20.9.5.1_LI_Images
Status affected
Version 20.9.4.1.6
Status affected
Version 20.14.1
Status affected
Version 20.14.1_LI_Images
Status affected
Version 20.9.5.2
Status affected
Version 20.9.5.2.1
Status affected
Version 20.9.5.2_LI_Images
Status affected
Version 20.12.3.1
Status affected
Version 20.12.4
Status affected
Version 20.15.1_LI_Images
Status affected
Version 20.15.1
Status affected
Version 20.9.5.1.4
Status affected
Version 20.9.5.2.7
Status affected
Version 20.9.5.2.13
Status affected
Version 20.9.6
Status affected
Version 20.9.6_LI_Images
Status affected
Version 20.9.5.2.14
Status affected
Version 20.6.8
Status affected
Version 20.12.4.0.03
Status affected
Version 20.16.1
Status affected
Version 20.16.1_LI_Images
Status affected
Version 20.12.4_LI_Images
Status affected
Version 20.9.5.2.16
Status affected
Version 20.12.4.0.4
Status affected
Version 20.12.401
Status affected
Version 20.9.5.3
Status affected
Version 20.9.5.3_LI_Images
Status affected
Version 20.12.4.1_LI_Images
Status affected
Version 20.12.4.1
Status affected
Version 20.9.5.2.21
Status affected
Version 20.9.6.0.3
Status affected
Version 20.12.4.0.6
Status affected
Version 20.15.2_LI_Images
Status affected
Version 20.15.2
Status affected
Version 20.12.4_Monthly_ES5
Status affected
Version 20.12.5
Status affected
Version 20.12.5_LI_Images
Status affected
Version 20.9.7_LI _Images
Status affected
Version 20.9.7
Status affected
Version 20.15.3
Status affected
Version 20.15.3_ LI _Images
Status affected
Version 20.12.501
Status affected
Version 20.12.5.1_LI_Images
Status affected
Version 20.12.5.1
Status affected
Version 20.12.5.2_LI_Images
Status affected
Version 20.12.5.2
Status affected
Version 20.15.3.1
Status affected
Version 20.15.4_LI_Images
Status affected
Version 20.15.4
Status affected
Version 20.9.7.1_LI _Images
Status affected
Version 20.9.7.1
Status affected
Version 20.18.1
Status affected
Version 20.18.1_LI_Images
Status affected
Version 20.12.6_LI_Images
Status affected
Version 20.12.6
Status affected
Version 20.12.5.1.01
Status affected
Version 26.0.1
Status affected
Version 20.9.8
Status affected
Version 20.9.8_LI_Images
Status affected
Version 20.18.2
Status affected
Version 20.15.4.1_LI_Images
Status affected
Version 20.15.4.1
Status affected
Version 20.18.2_LI_Images
Status affected
Version 26.1.1
Status affected
Version 26.1.1_LI_Images
Status affected
Version 20.18.2.1_LI_Images
Status affected
Version 20.18.2.1
Status affected
Version 20.15.4.2_LI_Images
Status affected
Version 20.15.4.2
Status affected
Version 20.12.6.1
Status affected
Version 20.12.6.1_LI_Images
Status affected
Version 20.12.5.3
Status affected
Version 20.12.5.3_LI_Images
Status affected
Version 20.9.8.2_LI_Images
Status affected
Version 20.9.8.2
Status affected
Version 20.18.3
Status affected
Version 20.18.3_LI_Images
Status affected
Version 20.15.5
Status affected
Version 20.15.5_LI_Images
Status affected
Version 20.12.7
Status affected
Version 20.12.7_LI_Images
Status affected
Version 20.9.9
Status affected
Version 20.9.9_LI_Images
Status affected
Version 20.18.2.2
Status affected
Version 20.18.2.2_LI_Images
Status affected
Version 20.12.5.4
Status affected
Version 20.12.5.4_LI_ Images
Status affected
Version 20.12.7.1_LI_Images
Status affected
Version 20.12.6.2_LI_Images
Status affected
Version 20.12.7.1
Status affected
No alert was found for this CVE.
EPSS Metrics
Type EPSS
Source FIRST.org
Score 0.03%
Percentile 0.082
CVSS Metrics
Source psirt@cisco.com
Base Score 8.6
Exploit Score 3.9
Impact Score 4
Vector String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.