CVE-2020-26066

A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the affected application.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Published: Nov 18, 2024
Updated: Nov 16, 2025
CVE: CVE-2020-26066
Exploit:

No technical information available.

CWEs:

CWE-611

OWASP TOP 10:

A4 - XML External Entities (XXE)

Affected Software
References

Software	From	Fixed in
cisco / catalyst_sd-wan_manager	17.2.4	17.2.4.x
cisco / catalyst_sd-wan_manager	17.2.5	17.2.5.x
cisco / catalyst_sd-wan_manager	17.2.6	17.2.6.x
cisco / catalyst_sd-wan_manager	17.2.7	17.2.7.x
cisco / catalyst_sd-wan_manager	17.2.8	17.2.8.x
cisco / catalyst_sd-wan_manager	17.2.9	17.2.9.x
cisco / catalyst_sd-wan_manager	17.2.10	17.2.10.x
cisco / catalyst_sd-wan_manager	18.2.0	18.2.0.x
cisco / catalyst_sd-wan_manager	18.3.0	18.3.0.x
cisco / catalyst_sd-wan_manager	18.3.1	18.3.1.x
cisco / catalyst_sd-wan_manager	18.3.1.1	18.3.1.1.x
cisco / catalyst_sd-wan_manager	18.3.3	18.3.3.x
cisco / catalyst_sd-wan_manager	18.3.3.1	18.3.3.1.x
cisco / catalyst_sd-wan_manager	18.3.4	18.3.4.x
cisco / catalyst_sd-wan_manager	18.3.5	18.3.5.x
cisco / catalyst_sd-wan_manager	18.3.6	18.3.6.x
cisco / catalyst_sd-wan_manager	18.3.6.1	18.3.6.1.x
cisco / catalyst_sd-wan_manager	18.3.7	18.3.7.x
cisco / catalyst_sd-wan_manager	18.3.8	18.3.8.x
cisco / catalyst_sd-wan_manager	18.4.0	18.4.0.x
cisco / catalyst_sd-wan_manager	18.4.0.1	18.4.0.1.x
cisco / catalyst_sd-wan_manager	18.4.1	18.4.1.x
cisco / catalyst_sd-wan_manager	18.4.3	18.4.3.x
cisco / catalyst_sd-wan_manager	18.4.4	18.4.4.x
cisco / catalyst_sd-wan_manager	18.4.5	18.4.5.x
cisco / catalyst_sd-wan_manager	18.4.302	18.4.302.x
cisco / catalyst_sd-wan_manager	18.4.303	18.4.303.x
cisco / catalyst_sd-wan_manager	18.4.501_es	18.4.501_es.x
cisco / catalyst_sd-wan_manager	19.0.0	19.0.0.x
cisco / catalyst_sd-wan_manager	19.0.1a	19.0.1a.x
cisco / catalyst_sd-wan_manager	19.1.0	19.1.0.x
cisco / catalyst_sd-wan_manager	19.2.0	19.2.0.x
cisco / catalyst_sd-wan_manager	19.2.1	19.2.1.x
cisco / catalyst_sd-wan_manager	19.2.2	19.2.2.x
cisco / catalyst_sd-wan_manager	19.2.3	19.2.3.x
cisco / catalyst_sd-wan_manager	19.2.31	19.2.31.x
cisco / catalyst_sd-wan_manager	19.2.097	19.2.097.x
cisco / catalyst_sd-wan_manager	19.2.098	19.2.098.x
cisco / catalyst_sd-wan_manager	19.2.099	19.2.099.x
cisco / catalyst_sd-wan_manager	19.2.929	19.2.929.x
cisco / catalyst_sd-wan_manager	19.3.0	19.3.0.x
cisco / catalyst_sd-wan_manager	20.1.1	20.1.1.x
cisco / catalyst_sd-wan_manager	20.1.1.1	20.1.1.1.x
cisco / catalyst_sd-wan_manager	20.1.12	20.1.12.x
cisco / catalyst_sd-wan_manager	20.3.1	20.3.1.x

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD

Vulnerability Database

309,469

CVE-2020-26066

Deep Security Visibility Without the Complexity