Cisco Catalyst SD-WAN Manager
cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*
- < 20.9
- <= 20.9
- <= 20.10
- <= 20.11
- <= 20.12
- <= 20.13
- <= 20.14
- <= 20.15
- <= 20.16
- <= 20.18
- <= 26.1
A vulnerability exists in the web UI of Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) that could allow an unauthenticated, remote attacker to read arbitrary files from the affected system. This issue arises from improper handling of XML External Entity (XXE) entries during XML file parsing. Exploitation involves sending a crafted request to the system, which could result in unauthorized file access.
Exploitation of this vulnerability could lead to unauthorized access to sensitive files on the affected system.
Cisco has released software updates to address this vulnerability. Customers are advised to upgrade to the latest version of Cisco Catalyst SD-WAN Software. For additional guidance, consult the Cisco Catalyst SD-WAN Upgrade Matrix and the Cisco Catalyst SD-WAN Hardening Guide.