Common Weakness Enumeration

CWE-287

Discouraged

Improper Authentication

Abstraction: Class · Status: Draft

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

5966 vulnerabilities reference this CWE, most recent first.

CVE-2026-20129 (GCVE-0-2026-20129)

Vulnerability from cvelistv5 – Published: 2026-02-25 16:14 – Updated: 2026-03-20 21:47
VLAI
Title
Cisco Catayst SD-WAN Authentication Bypass Vulnerability
Summary
A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has the netadmin role. The vulnerability is due to improper authentication for requests that are sent to the API. An attacker could exploit this vulnerability by sending a crafted request to the API of an affected system. A successful exploit could allow the attacker to execute commands with the privileges of the netadmin role. Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability. 
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Catalyst SD-WAN Manager Affected: 20.1.12
Affected: 19.2.1
Affected: 18.4.4
Affected: 18.4.5
Affected: 20.1.1.1
Affected: 20.1.1
Affected: 19.3.0
Affected: 19.2.2
Affected: 19.2.099
Affected: 18.3.6
Affected: 18.3.7
Affected: 19.2.0
Affected: 18.3.8
Affected: 19.0.0
Affected: 19.1.0
Affected: 18.4.302
Affected: 18.4.303
Affected: 19.2.097
Affected: 19.2.098
Affected: 17.2.10
Affected: 18.3.6.1
Affected: 19.0.1a
Affected: 18.2.0
Affected: 18.4.3
Affected: 18.4.1
Affected: 17.2.8
Affected: 18.3.3.1
Affected: 18.4.0
Affected: 18.3.1
Affected: 17.2.6
Affected: 17.2.9
Affected: 18.3.4
Affected: 17.2.5
Affected: 18.3.1.1
Affected: 18.3.5
Affected: 18.4.0.1
Affected: 18.3.3
Affected: 17.2.7
Affected: 17.2.4
Affected: 18.3.0
Affected: 19.2.3
Affected: 18.4.501_ES
Affected: 20.3.1
Affected: 20.1.2
Affected: 19.2.929
Affected: 19.2.31
Affected: 20.3.2
Affected: 19.2.32
Affected: 20.3.2_925
Affected: 20.3.2.1
Affected: 20.3.2.1_927
Affected: 18.4.6
Affected: 20.1.2_937
Affected: 20.4.1
Affected: 20.3.2_928
Affected: 20.3.2_929
Affected: 20.4.1.0.1
Affected: 20.3.2.1_930
Affected: 19.2.4
Affected: 20.5.0.1.1
Affected: 20.4.1.1
Affected: 20.3.3
Affected: 19.2.4.0.1
Affected: 20.3.2_937
Affected: 20.3.3.1
Affected: 20.5.1
Affected: 20.1.3
Affected: 20.3.3.0.4
Affected: 20.3.3.1.2
Affected: 20.3.3.1.1
Affected: 20.4.1.2
Affected: 20.3.3.0.2
Affected: 20.4.1.1.5
Affected: 20.4.1.0.01
Affected: 20.4.1.0.02
Affected: 20.3.3.1.7
Affected: 20.3.3.1.5
Affected: 20.5.1.0.1
Affected: 20.3.3.1.10
Affected: 20.3.3.0.8
Affected: 20.4.2
Affected: 20.4.2.0.1
Affected: 20.3.4
Affected: 20.3.3.0.14
Affected: 19.2.4.0.8
Affected: 19.2.4.0.9
Affected: 20.3.4.0.1
Affected: 20.3.2.0.5
Affected: 20.6.1
Affected: 20.5.1.0.2
Affected: 20.3.3.0.17
Affected: 20.6.1.1
Affected: 20.6.0.18.3
Affected: 20.3.2.0.6
Affected: 20.6.0.18.4
Affected: 20.4.2.0.2
Affected: 20.3.3.0.16
Affected: 20.3.4.0.5
Affected: 20.6.1.0.1
Affected: 20.3.4.0.6
Affected: 20.6.2
Affected: 20.7.1EFT2
Affected: 20.3.4.0.9
Affected: 20.3.4.0.11
Affected: 20.4.2.0.4
Affected: 20.3.3.0.18
Affected: 20.7.1
Affected: 20.6.2.1
Affected: 20.3.4.1
Affected: 20.5.1.1
Affected: 20.4.2.1
Affected: 20.4.2.1.1
Affected: 20.3.4.1.1
Affected: 20.3.813
Affected: 20.3.4.0.19
Affected: 20.4.2.2.1
Affected: 20.5.1.2
Affected: 20.3.4.2
Affected: 20.3.814
Affected: 20.4.2.2
Affected: 20.6.2.2
Affected: 20.3.4.2.1
Affected: 20.7.1.1
Affected: 20.3.4.1.2
Affected: 20.6.2.2.2
Affected: 20.3.4.0.20
Affected: 20.6.2.2.3
Affected: 20.4.2.2.2
Affected: 20.3.5
Affected: 20.6.2.0.4
Affected: 20.4.2.2.3
Affected: 20.3.4.0.24
Affected: 20.6.2.2.7
Affected: 20.6.3
Affected: 20.3.4.2.2
Affected: 20.4.2.2.4
Affected: 20.7.1.0.2
Affected: 20.8.1
Affected: 20.3.5.0.8
Affected: 20.3.5.0.9
Affected: 20.4.2.2.8
Affected: 20.3.5.0.7
Affected: 20.6.3.0.7
Affected: 20.6.3.0.5
Affected: 20.6.3.0.10
Affected: 20.6.3.0.2
Affected: 20.7.2
Affected: 20.9.1EFT2
Affected: 20.6.3.0.11
Affected: 20.6.3.1
Affected: 20.6.3.0.14
Affected: 20.6.4
Affected: 20.9.1
Affected: 20.6.3.0.19
Affected: 20.6.3.0.18
Affected: 20.3.6
Affected: 20.9.1.1
Affected: 20.6.3.0.23
Affected: 20.6.4.0.4
Affected: 20.6.3.0.25
Affected: 20.6.5
Affected: 20.6.3.0.27
Affected: 20.9.2
Affected: 20.9.2.1
Affected: 20.6.3.0.29
Affected: 20.6.3.0.31
Affected: 20.6.3.0.32
Affected: 20.10.1
Affected: 20.6.3.0.33
Affected: 20.9.2.0.01
Affected: 20.9.1_LI_Images
Affected: 20.10.1_LI_Images
Affected: 20.9.2_LI_Images
Affected: 20.3.7
Affected: 20.9.3
Affected: 20.6.5.1
Affected: 20.11.1
Affected: 20.11.1_LI_Images
Affected: 20.9.3_LI_ Images
Affected: 20.6.3.1.1
Affected: 20.9.3.0.2
Affected: 20.6.5.1.2
Affected: 20.9.3.0.3
Affected: 20.4.2.3
Affected: 20.6.3.2
Affected: 20.6.4.1
Affected: 20.6.3.0.38
Affected: 20.6.3.0.39
Affected: 20.3.5.1
Affected: 20.3.4.3
Affected: 20.9.3.1
Affected: 20.3.3.2
Affected: 20.6.5.2
Affected: 20.3.7.1
Affected: 20.10.1.1
Affected: 20.6.5.2.1
Affected: 20.3.4.0.25
Affected: 20.6.2.2.4
Affected: 20.6.1.2
Affected: 20.11.1.1
Affected: 20.9.3.0.5
Affected: 20.3.4.0.26
Affected: 20.6.5.1.3
Affected: 20.6.3.0.40
Affected: 20.1.3.1
Affected: 20.9.2.2
Affected: 20.6.5.2.3
Affected: 20.6.5.1.4
Affected: 20.6.5.3
Affected: 20.6.3.0.41
Affected: 20.9.3.0.7
Affected: 20.6.5.1.5
Affected: 20.9.3.0.4
Affected: 20.6.4.0.19
Affected: 20.6.5.1.6
Affected: 20.9.3.0.8
Affected: 20.6.3.3
Affected: 20.3.7.2
Affected: 20.6.5.4
Affected: 20.6.5.1.7
Affected: 20.9.3.0.12
Affected: 20.6.4.2
Affected: 20.6.5.5
Affected: 20.9.3.2
Affected: 20.11.1.2
Affected: 20.6.3.4
Affected: 20.10.1.2
Affected: 20.6.5.1.9
Affected: 20.9.3.0.16
Affected: 20.6.3.0.45
Affected: 20.6.5.1.10
Affected: 20.9.3.0.17
Affected: 20.6.5.2.4
Affected: 20.6.4.0.21
Affected: 20.9.3.0.18
Affected: 20.6.3.0.46
Affected: 20.6.3.0.47
Affected: 20.9.2.3
Affected: 20.9.3.2_LI_Images
Affected: 20.9.3.0.21
Affected: 20.9.3.0.20
Affected: 20.9.4_LI_Images
Affected: 20.9.4
Affected: 20.6.5.1.11
Affected: 20.12.1
Affected: 20.12.1_LI_Images
Affected: 20.6.5.1.13
Affected: 20.9.3.0.23
Affected: 20.6.5.2.8
Affected: 20.9.4.1
Affected: 20.9.4.1_LI_Images
Affected: 20.9.3.0.25
Affected: 20.9.3.0.24
Affected: 20.6.5.1.14
Affected: 20.3.8
Affected: 20.6.6
Affected: 20.9.3.0.26
Affected: 20.6.3.0.51
Affected: 20.9.3.0.29
Affected: 20.12.2
Affected: 20.12.2_LI_Images
Affected: 20.6.6.0.1
Affected: 20.13.1_LI_Images
Affected: 20.9.4.0.4
Affected: 20.13.1
Affected: 20.9.4.1.1
Affected: 20.9.5
Affected: 20.9.5_LI_Images
Affected: 20.12.3_LI_Images
Affected: 20.12.3
Affected: 20.9.4.1.3
Affected: 20.6.7
Affected: 20.9.5.1
Affected: 20.9.5.1_LI_Images
Affected: 20.9.4.1.6
Affected: 20.14.1
Affected: 20.14.1_LI_Images
Affected: 20.9.5.2
Affected: 20.9.5.2.1
Affected: 20.9.5.2_LI_Images
Affected: 20.12.3.1
Affected: 20.12.4
Affected: 20.15.1_LI_Images
Affected: 20.15.1
Affected: 20.9.5.1.4
Affected: 20.9.5.2.7
Affected: 20.9.5.2.13
Affected: 20.9.6
Affected: 20.9.6_LI_Images
Affected: 20.9.5.2.14
Affected: 20.6.8
Affected: 20.12.4.0.03
Affected: 20.16.1
Affected: 20.16.1_LI_Images
Affected: 20.12.4_LI_Images
Affected: 20.9.5.2.16
Affected: 20.12.4.0.4
Affected: 20.12.401
Affected: 20.9.5.3
Affected: 20.9.5.3_LI_Images
Affected: 20.12.4.1_LI_Images
Affected: 20.12.4.1
Affected: 20.9.5.2.21
Affected: 20.9.6.0.3
Affected: 20.12.4.0.6
Affected: 20.15.2_LI_Images
Affected: 20.15.2
Affected: 20.12.4_Monthly_ES5
Affected: 20.12.5
Affected: 20.12.5_LI_Images
Affected: 20.9.7_LI _Images
Affected: 20.9.7
Affected: 20.15.3
Affected: 20.15.3_ LI _Images
Affected: 20.12.501
Affected: 20.12.5.1_LI_Images
Affected: 20.12.5.1
Affected: 20.12.5.2_LI_Images
Affected: 20.12.5.2
Affected: 20.15.3.1
Affected: 20.15.4_LI_Images
Affected: 20.15.4
Affected: 20.9.7.1_LI _Images
Affected: 20.9.7.1
Affected: 20.18.1
Affected: 20.18.1_LI_Images
Affected: 20.12.6_LI_Images
Affected: 20.12.6
Affected: 20.12.5.1.01
Affected: 20.9.8
Affected: 20.9.8_LI_Images
Affected: 20.18.2
Affected: 20.15.4.1_LI_Images
Affected: 20.15.4.1
Affected: 20.18.2_LI_Images
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20129",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-26T04:56:11.188124Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T14:44:06.393Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Catalyst SD-WAN Manager",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "20.1.12"
            },
            {
              "status": "affected",
              "version": "19.2.1"
            },
            {
              "status": "affected",
              "version": "18.4.4"
            },
            {
              "status": "affected",
              "version": "18.4.5"
            },
            {
              "status": "affected",
              "version": "20.1.1.1"
            },
            {
              "status": "affected",
              "version": "20.1.1"
            },
            {
              "status": "affected",
              "version": "19.3.0"
            },
            {
              "status": "affected",
              "version": "19.2.2"
            },
            {
              "status": "affected",
              "version": "19.2.099"
            },
            {
              "status": "affected",
              "version": "18.3.6"
            },
            {
              "status": "affected",
              "version": "18.3.7"
            },
            {
              "status": "affected",
              "version": "19.2.0"
            },
            {
              "status": "affected",
              "version": "18.3.8"
            },
            {
              "status": "affected",
              "version": "19.0.0"
            },
            {
              "status": "affected",
              "version": "19.1.0"
            },
            {
              "status": "affected",
              "version": "18.4.302"
            },
            {
              "status": "affected",
              "version": "18.4.303"
            },
            {
              "status": "affected",
              "version": "19.2.097"
            },
            {
              "status": "affected",
              "version": "19.2.098"
            },
            {
              "status": "affected",
              "version": "17.2.10"
            },
            {
              "status": "affected",
              "version": "18.3.6.1"
            },
            {
              "status": "affected",
              "version": "19.0.1a"
            },
            {
              "status": "affected",
              "version": "18.2.0"
            },
            {
              "status": "affected",
              "version": "18.4.3"
            },
            {
              "status": "affected",
              "version": "18.4.1"
            },
            {
              "status": "affected",
              "version": "17.2.8"
            },
            {
              "status": "affected",
              "version": "18.3.3.1"
            },
            {
              "status": "affected",
              "version": "18.4.0"
            },
            {
              "status": "affected",
              "version": "18.3.1"
            },
            {
              "status": "affected",
              "version": "17.2.6"
            },
            {
              "status": "affected",
              "version": "17.2.9"
            },
            {
              "status": "affected",
              "version": "18.3.4"
            },
            {
              "status": "affected",
              "version": "17.2.5"
            },
            {
              "status": "affected",
              "version": "18.3.1.1"
            },
            {
              "status": "affected",
              "version": "18.3.5"
            },
            {
              "status": "affected",
              "version": "18.4.0.1"
            },
            {
              "status": "affected",
              "version": "18.3.3"
            },
            {
              "status": "affected",
              "version": "17.2.7"
            },
            {
              "status": "affected",
              "version": "17.2.4"
            },
            {
              "status": "affected",
              "version": "18.3.0"
            },
            {
              "status": "affected",
              "version": "19.2.3"
            },
            {
              "status": "affected",
              "version": "18.4.501_ES"
            },
            {
              "status": "affected",
              "version": "20.3.1"
            },
            {
              "status": "affected",
              "version": "20.1.2"
            },
            {
              "status": "affected",
              "version": "19.2.929"
            },
            {
              "status": "affected",
              "version": "19.2.31"
            },
            {
              "status": "affected",
              "version": "20.3.2"
            },
            {
              "status": "affected",
              "version": "19.2.32"
            },
            {
              "status": "affected",
              "version": "20.3.2_925"
            },
            {
              "status": "affected",
              "version": "20.3.2.1"
            },
            {
              "status": "affected",
              "version": "20.3.2.1_927"
            },
            {
              "status": "affected",
              "version": "18.4.6"
            },
            {
              "status": "affected",
              "version": "20.1.2_937"
            },
            {
              "status": "affected",
              "version": "20.4.1"
            },
            {
              "status": "affected",
              "version": "20.3.2_928"
            },
            {
              "status": "affected",
              "version": "20.3.2_929"
            },
            {
              "status": "affected",
              "version": "20.4.1.0.1"
            },
            {
              "status": "affected",
              "version": "20.3.2.1_930"
            },
            {
              "status": "affected",
              "version": "19.2.4"
            },
            {
              "status": "affected",
              "version": "20.5.0.1.1"
            },
            {
              "status": "affected",
              "version": "20.4.1.1"
            },
            {
              "status": "affected",
              "version": "20.3.3"
            },
            {
              "status": "affected",
              "version": "19.2.4.0.1"
            },
            {
              "status": "affected",
              "version": "20.3.2_937"
            },
            {
              "status": "affected",
              "version": "20.3.3.1"
            },
            {
              "status": "affected",
              "version": "20.5.1"
            },
            {
              "status": "affected",
              "version": "20.1.3"
            },
            {
              "status": "affected",
              "version": "20.3.3.0.4"
            },
            {
              "status": "affected",
              "version": "20.3.3.1.2"
            },
            {
              "status": "affected",
              "version": "20.3.3.1.1"
            },
            {
              "status": "affected",
              "version": "20.4.1.2"
            },
            {
              "status": "affected",
              "version": "20.3.3.0.2"
            },
            {
              "status": "affected",
              "version": "20.4.1.1.5"
            },
            {
              "status": "affected",
              "version": "20.4.1.0.01"
            },
            {
              "status": "affected",
              "version": "20.4.1.0.02"
            },
            {
              "status": "affected",
              "version": "20.3.3.1.7"
            },
            {
              "status": "affected",
              "version": "20.3.3.1.5"
            },
            {
              "status": "affected",
              "version": "20.5.1.0.1"
            },
            {
              "status": "affected",
              "version": "20.3.3.1.10"
            },
            {
              "status": "affected",
              "version": "20.3.3.0.8"
            },
            {
              "status": "affected",
              "version": "20.4.2"
            },
            {
              "status": "affected",
              "version": "20.4.2.0.1"
            },
            {
              "status": "affected",
              "version": "20.3.4"
            },
            {
              "status": "affected",
              "version": "20.3.3.0.14"
            },
            {
              "status": "affected",
              "version": "19.2.4.0.8"
            },
            {
              "status": "affected",
              "version": "19.2.4.0.9"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.1"
            },
            {
              "status": "affected",
              "version": "20.3.2.0.5"
            },
            {
              "status": "affected",
              "version": "20.6.1"
            },
            {
              "status": "affected",
              "version": "20.5.1.0.2"
            },
            {
              "status": "affected",
              "version": "20.3.3.0.17"
            },
            {
              "status": "affected",
              "version": "20.6.1.1"
            },
            {
              "status": "affected",
              "version": "20.6.0.18.3"
            },
            {
              "status": "affected",
              "version": "20.3.2.0.6"
            },
            {
              "status": "affected",
              "version": "20.6.0.18.4"
            },
            {
              "status": "affected",
              "version": "20.4.2.0.2"
            },
            {
              "status": "affected",
              "version": "20.3.3.0.16"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.5"
            },
            {
              "status": "affected",
              "version": "20.6.1.0.1"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.6"
            },
            {
              "status": "affected",
              "version": "20.6.2"
            },
            {
              "status": "affected",
              "version": "20.7.1EFT2"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.9"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.11"
            },
            {
              "status": "affected",
              "version": "20.4.2.0.4"
            },
            {
              "status": "affected",
              "version": "20.3.3.0.18"
            },
            {
              "status": "affected",
              "version": "20.7.1"
            },
            {
              "status": "affected",
              "version": "20.6.2.1"
            },
            {
              "status": "affected",
              "version": "20.3.4.1"
            },
            {
              "status": "affected",
              "version": "20.5.1.1"
            },
            {
              "status": "affected",
              "version": "20.4.2.1"
            },
            {
              "status": "affected",
              "version": "20.4.2.1.1"
            },
            {
              "status": "affected",
              "version": "20.3.4.1.1"
            },
            {
              "status": "affected",
              "version": "20.3.813"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.19"
            },
            {
              "status": "affected",
              "version": "20.4.2.2.1"
            },
            {
              "status": "affected",
              "version": "20.5.1.2"
            },
            {
              "status": "affected",
              "version": "20.3.4.2"
            },
            {
              "status": "affected",
              "version": "20.3.814"
            },
            {
              "status": "affected",
              "version": "20.4.2.2"
            },
            {
              "status": "affected",
              "version": "20.6.2.2"
            },
            {
              "status": "affected",
              "version": "20.3.4.2.1"
            },
            {
              "status": "affected",
              "version": "20.7.1.1"
            },
            {
              "status": "affected",
              "version": "20.3.4.1.2"
            },
            {
              "status": "affected",
              "version": "20.6.2.2.2"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.20"
            },
            {
              "status": "affected",
              "version": "20.6.2.2.3"
            },
            {
              "status": "affected",
              "version": "20.4.2.2.2"
            },
            {
              "status": "affected",
              "version": "20.3.5"
            },
            {
              "status": "affected",
              "version": "20.6.2.0.4"
            },
            {
              "status": "affected",
              "version": "20.4.2.2.3"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.24"
            },
            {
              "status": "affected",
              "version": "20.6.2.2.7"
            },
            {
              "status": "affected",
              "version": "20.6.3"
            },
            {
              "status": "affected",
              "version": "20.3.4.2.2"
            },
            {
              "status": "affected",
              "version": "20.4.2.2.4"
            },
            {
              "status": "affected",
              "version": "20.7.1.0.2"
            },
            {
              "status": "affected",
              "version": "20.8.1"
            },
            {
              "status": "affected",
              "version": "20.3.5.0.8"
            },
            {
              "status": "affected",
              "version": "20.3.5.0.9"
            },
            {
              "status": "affected",
              "version": "20.4.2.2.8"
            },
            {
              "status": "affected",
              "version": "20.3.5.0.7"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.7"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.5"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.10"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.2"
            },
            {
              "status": "affected",
              "version": "20.7.2"
            },
            {
              "status": "affected",
              "version": "20.9.1EFT2"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.11"
            },
            {
              "status": "affected",
              "version": "20.6.3.1"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.14"
            },
            {
              "status": "affected",
              "version": "20.6.4"
            },
            {
              "status": "affected",
              "version": "20.9.1"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.19"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.18"
            },
            {
              "status": "affected",
              "version": "20.3.6"
            },
            {
              "status": "affected",
              "version": "20.9.1.1"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.23"
            },
            {
              "status": "affected",
              "version": "20.6.4.0.4"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.25"
            },
            {
              "status": "affected",
              "version": "20.6.5"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.27"
            },
            {
              "status": "affected",
              "version": "20.9.2"
            },
            {
              "status": "affected",
              "version": "20.9.2.1"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.29"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.31"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.32"
            },
            {
              "status": "affected",
              "version": "20.10.1"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.33"
            },
            {
              "status": "affected",
              "version": "20.9.2.0.01"
            },
            {
              "status": "affected",
              "version": "20.9.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.10.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.3.7"
            },
            {
              "status": "affected",
              "version": "20.9.3"
            },
            {
              "status": "affected",
              "version": "20.6.5.1"
            },
            {
              "status": "affected",
              "version": "20.11.1"
            },
            {
              "status": "affected",
              "version": "20.11.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.3_LI_ Images"
            },
            {
              "status": "affected",
              "version": "20.6.3.1.1"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.2"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.2"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.3"
            },
            {
              "status": "affected",
              "version": "20.4.2.3"
            },
            {
              "status": "affected",
              "version": "20.6.3.2"
            },
            {
              "status": "affected",
              "version": "20.6.4.1"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.38"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.39"
            },
            {
              "status": "affected",
              "version": "20.3.5.1"
            },
            {
              "status": "affected",
              "version": "20.3.4.3"
            },
            {
              "status": "affected",
              "version": "20.9.3.1"
            },
            {
              "status": "affected",
              "version": "20.3.3.2"
            },
            {
              "status": "affected",
              "version": "20.6.5.2"
            },
            {
              "status": "affected",
              "version": "20.3.7.1"
            },
            {
              "status": "affected",
              "version": "20.10.1.1"
            },
            {
              "status": "affected",
              "version": "20.6.5.2.1"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.25"
            },
            {
              "status": "affected",
              "version": "20.6.2.2.4"
            },
            {
              "status": "affected",
              "version": "20.6.1.2"
            },
            {
              "status": "affected",
              "version": "20.11.1.1"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.5"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.26"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.3"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.40"
            },
            {
              "status": "affected",
              "version": "20.1.3.1"
            },
            {
              "status": "affected",
              "version": "20.9.2.2"
            },
            {
              "status": "affected",
              "version": "20.6.5.2.3"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.4"
            },
            {
              "status": "affected",
              "version": "20.6.5.3"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.41"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.7"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.5"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.4"
            },
            {
              "status": "affected",
              "version": "20.6.4.0.19"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.6"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.8"
            },
            {
              "status": "affected",
              "version": "20.6.3.3"
            },
            {
              "status": "affected",
              "version": "20.3.7.2"
            },
            {
              "status": "affected",
              "version": "20.6.5.4"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.7"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.12"
            },
            {
              "status": "affected",
              "version": "20.6.4.2"
            },
            {
              "status": "affected",
              "version": "20.6.5.5"
            },
            {
              "status": "affected",
              "version": "20.9.3.2"
            },
            {
              "status": "affected",
              "version": "20.11.1.2"
            },
            {
              "status": "affected",
              "version": "20.6.3.4"
            },
            {
              "status": "affected",
              "version": "20.10.1.2"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.9"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.16"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.45"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.10"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.17"
            },
            {
              "status": "affected",
              "version": "20.6.5.2.4"
            },
            {
              "status": "affected",
              "version": "20.6.4.0.21"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.18"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.46"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.47"
            },
            {
              "status": "affected",
              "version": "20.9.2.3"
            },
            {
              "status": "affected",
              "version": "20.9.3.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.21"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.20"
            },
            {
              "status": "affected",
              "version": "20.9.4_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.4"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.11"
            },
            {
              "status": "affected",
              "version": "20.12.1"
            },
            {
              "status": "affected",
              "version": "20.12.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.13"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.23"
            },
            {
              "status": "affected",
              "version": "20.6.5.2.8"
            },
            {
              "status": "affected",
              "version": "20.9.4.1"
            },
            {
              "status": "affected",
              "version": "20.9.4.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.25"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.24"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.14"
            },
            {
              "status": "affected",
              "version": "20.3.8"
            },
            {
              "status": "affected",
              "version": "20.6.6"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.26"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.51"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.29"
            },
            {
              "status": "affected",
              "version": "20.12.2"
            },
            {
              "status": "affected",
              "version": "20.12.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.6.6.0.1"
            },
            {
              "status": "affected",
              "version": "20.13.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.4.0.4"
            },
            {
              "status": "affected",
              "version": "20.13.1"
            },
            {
              "status": "affected",
              "version": "20.9.4.1.1"
            },
            {
              "status": "affected",
              "version": "20.9.5"
            },
            {
              "status": "affected",
              "version": "20.9.5_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.3_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.3"
            },
            {
              "status": "affected",
              "version": "20.9.4.1.3"
            },
            {
              "status": "affected",
              "version": "20.6.7"
            },
            {
              "status": "affected",
              "version": "20.9.5.1"
            },
            {
              "status": "affected",
              "version": "20.9.5.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.4.1.6"
            },
            {
              "status": "affected",
              "version": "20.14.1"
            },
            {
              "status": "affected",
              "version": "20.14.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.5.2"
            },
            {
              "status": "affected",
              "version": "20.9.5.2.1"
            },
            {
              "status": "affected",
              "version": "20.9.5.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.3.1"
            },
            {
              "status": "affected",
              "version": "20.12.4"
            },
            {
              "status": "affected",
              "version": "20.15.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.15.1"
            },
            {
              "status": "affected",
              "version": "20.9.5.1.4"
            },
            {
              "status": "affected",
              "version": "20.9.5.2.7"
            },
            {
              "status": "affected",
              "version": "20.9.5.2.13"
            },
            {
              "status": "affected",
              "version": "20.9.6"
            },
            {
              "status": "affected",
              "version": "20.9.6_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.5.2.14"
            },
            {
              "status": "affected",
              "version": "20.6.8"
            },
            {
              "status": "affected",
              "version": "20.12.4.0.03"
            },
            {
              "status": "affected",
              "version": "20.16.1"
            },
            {
              "status": "affected",
              "version": "20.16.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.4_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.5.2.16"
            },
            {
              "status": "affected",
              "version": "20.12.4.0.4"
            },
            {
              "status": "affected",
              "version": "20.12.401"
            },
            {
              "status": "affected",
              "version": "20.9.5.3"
            },
            {
              "status": "affected",
              "version": "20.9.5.3_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.4.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.4.1"
            },
            {
              "status": "affected",
              "version": "20.9.5.2.21"
            },
            {
              "status": "affected",
              "version": "20.9.6.0.3"
            },
            {
              "status": "affected",
              "version": "20.12.4.0.6"
            },
            {
              "status": "affected",
              "version": "20.15.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.15.2"
            },
            {
              "status": "affected",
              "version": "20.12.4_Monthly_ES5"
            },
            {
              "status": "affected",
              "version": "20.12.5"
            },
            {
              "status": "affected",
              "version": "20.12.5_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.7_LI _Images"
            },
            {
              "status": "affected",
              "version": "20.9.7"
            },
            {
              "status": "affected",
              "version": "20.15.3"
            },
            {
              "status": "affected",
              "version": "20.15.3_ LI _Images"
            },
            {
              "status": "affected",
              "version": "20.12.501"
            },
            {
              "status": "affected",
              "version": "20.12.5.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.5.1"
            },
            {
              "status": "affected",
              "version": "20.12.5.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.5.2"
            },
            {
              "status": "affected",
              "version": "20.15.3.1"
            },
            {
              "status": "affected",
              "version": "20.15.4_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.15.4"
            },
            {
              "status": "affected",
              "version": "20.9.7.1_LI _Images"
            },
            {
              "status": "affected",
              "version": "20.9.7.1"
            },
            {
              "status": "affected",
              "version": "20.18.1"
            },
            {
              "status": "affected",
              "version": "20.18.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.6_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.6"
            },
            {
              "status": "affected",
              "version": "20.12.5.1.01"
            },
            {
              "status": "affected",
              "version": "20.9.8"
            },
            {
              "status": "affected",
              "version": "20.9.8_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.18.2"
            },
            {
              "status": "affected",
              "version": "20.15.4.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.15.4.1"
            },
            {
              "status": "affected",
              "version": "20.18.2_LI_Images"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has the\u0026nbsp;netadmin role.\r\n\r\nThe vulnerability is due to improper authentication for requests that are sent to the API. An attacker could exploit this vulnerability by sending a crafted request to the API of an affected system. A successful exploit could allow the attacker to execute commands with the privileges of the netadmin role.\r\nNote: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.\u0026nbsp;"
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in CVE-2026-20133, CVE-2026-20126, and CVE-2026-20129.\r\n\r\nIn March 2026, the Cisco PSIRT became aware of active exploitation of the vulnerabilities that are described in CVE-2026-20128 and CVE-2026-20122 only. The vulnerabilities that are described in the other CVEs in this advisory are not known to have been compromised. Cisco strongly recommends that customers upgrade to a fixed software release to remediate these vulnerabilities."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-20T21:47:59.021Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-sdwan-authbp-qwCX8D4v",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v"
        }
      ],
      "source": {
        "advisory": "cisco-sa-sdwan-authbp-qwCX8D4v",
        "defects": [
          "CSCws33587"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Catayst SD-WAN Authentication Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20129",
    "datePublished": "2026-02-25T16:14:09.046Z",
    "dateReserved": "2025-10-08T11:59:15.379Z",
    "dateUpdated": "2026-03-20T21:47:59.021Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20127 (GCVE-0-2026-20127)

Vulnerability from cvelistv5 – Published: 2026-02-25 16:14 – Updated: 2026-06-16 17:57
VLAI
Title
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
Summary
A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. 
SSVC
Exploitation: active Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Catalyst SD-WAN Manager Affected: 20.1.12
Affected: 19.2.1
Affected: 18.4.4
Affected: 18.4.5
Affected: 20.1.1.1
Affected: 20.1.1
Affected: 19.3.0
Affected: 19.2.2
Affected: 19.2.099
Affected: 18.3.6
Affected: 18.3.7
Affected: 19.2.0
Affected: 18.3.8
Affected: 19.0.0
Affected: 19.1.0
Affected: 18.4.302
Affected: 18.4.303
Affected: 19.2.097
Affected: 19.2.098
Affected: 17.2.10
Affected: 18.3.6.1
Affected: 19.0.1a
Affected: 18.2.0
Affected: 18.4.3
Affected: 18.4.1
Affected: 17.2.8
Affected: 18.3.3.1
Affected: 18.4.0
Affected: 18.3.1
Affected: 17.2.6
Affected: 17.2.9
Affected: 18.3.4
Affected: 17.2.5
Affected: 18.3.1.1
Affected: 18.3.5
Affected: 18.4.0.1
Affected: 18.3.3
Affected: 17.2.7
Affected: 17.2.4
Affected: 18.3.0
Affected: 19.2.3
Affected: 18.4.501_ES
Affected: 20.3.1
Affected: 20.1.2
Affected: 19.2.929
Affected: 19.2.31
Affected: 20.3.2
Affected: 19.2.32
Affected: 20.3.2_925
Affected: 20.3.2.1
Affected: 20.3.2.1_927
Affected: 18.4.6
Affected: 20.1.2_937
Affected: 20.4.1
Affected: 20.3.2_928
Affected: 20.3.2_929
Affected: 20.4.1.0.1
Affected: 20.3.2.1_930
Affected: 19.2.4
Affected: 20.5.0.1.1
Affected: 20.4.1.1
Affected: 20.3.3
Affected: 19.2.4.0.1
Affected: 20.3.2_937
Affected: 20.3.3.1
Affected: 20.5.1
Affected: 20.1.3
Affected: 20.3.3.0.4
Affected: 20.3.3.1.2
Affected: 20.3.3.1.1
Affected: 20.4.1.2
Affected: 20.3.3.0.2
Affected: 20.4.1.1.5
Affected: 20.4.1.0.01
Affected: 20.4.1.0.02
Affected: 20.3.3.1.7
Affected: 20.3.3.1.5
Affected: 20.5.1.0.1
Affected: 20.3.3.1.10
Affected: 20.3.3.0.8
Affected: 20.4.2
Affected: 20.4.2.0.1
Affected: 20.3.4
Affected: 20.3.3.0.14
Affected: 19.2.4.0.8
Affected: 19.2.4.0.9
Affected: 20.3.4.0.1
Affected: 20.3.2.0.5
Affected: 20.6.1
Affected: 20.5.1.0.2
Affected: 20.3.3.0.17
Affected: 20.6.1.1
Affected: 20.6.0.18.3
Affected: 20.3.2.0.6
Affected: 20.6.0.18.4
Affected: 20.4.2.0.2
Affected: 20.3.3.0.16
Affected: 20.3.4.0.5
Affected: 20.6.1.0.1
Affected: 20.3.4.0.6
Affected: 20.6.2
Affected: 20.7.1EFT2
Affected: 20.3.4.0.9
Affected: 20.3.4.0.11
Affected: 20.4.2.0.4
Affected: 20.3.3.0.18
Affected: 20.7.1
Affected: 20.6.2.1
Affected: 20.3.4.1
Affected: 20.5.1.1
Affected: 20.4.2.1
Affected: 20.4.2.1.1
Affected: 20.3.4.1.1
Affected: 20.3.813
Affected: 20.3.4.0.19
Affected: 20.4.2.2.1
Affected: 20.5.1.2
Affected: 20.3.4.2
Affected: 20.3.814
Affected: 20.4.2.2
Affected: 20.6.2.2
Affected: 20.3.4.2.1
Affected: 20.7.1.1
Affected: 20.3.4.1.2
Affected: 20.6.2.2.2
Affected: 20.3.4.0.20
Affected: 20.6.2.2.3
Affected: 20.4.2.2.2
Affected: 20.3.5
Affected: 20.6.2.0.4
Affected: 20.4.2.2.3
Affected: 20.3.4.0.24
Affected: 20.6.2.2.7
Affected: 20.6.3
Affected: 20.3.4.2.2
Affected: 20.4.2.2.4
Affected: 20.7.1.0.2
Affected: 20.8.1
Affected: 20.3.5.0.8
Affected: 20.3.5.0.9
Affected: 20.4.2.2.8
Affected: 20.3.5.0.7
Affected: 20.6.3.0.7
Affected: 20.6.3.0.5
Affected: 20.6.3.0.10
Affected: 20.6.3.0.2
Affected: 20.7.2
Affected: 20.9.1EFT2
Affected: 20.6.3.0.11
Affected: 20.6.3.1
Affected: 20.6.3.0.14
Affected: 20.6.4
Affected: 20.9.1
Affected: 20.6.3.0.19
Affected: 20.6.3.0.18
Affected: 20.3.6
Affected: 20.9.1.1
Affected: 20.6.3.0.23
Affected: 20.6.4.0.4
Affected: 20.6.3.0.25
Affected: 20.6.5
Affected: 20.6.3.0.27
Affected: 20.9.2
Affected: 20.9.2.1
Affected: 20.6.3.0.29
Affected: 20.6.3.0.31
Affected: 20.6.3.0.32
Affected: 20.10.1
Affected: 20.6.3.0.33
Affected: 20.9.2.0.01
Affected: 20.9.1_LI_Images
Affected: 20.10.1_LI_Images
Affected: 20.9.2_LI_Images
Affected: 20.3.7
Affected: 20.9.3
Affected: 20.6.5.1
Affected: 20.11.1
Affected: 20.11.1_LI_Images
Affected: 20.9.3_LI_ Images
Affected: 20.6.3.1.1
Affected: 20.9.3.0.2
Affected: 20.6.5.1.2
Affected: 20.9.3.0.3
Affected: 20.4.2.3
Affected: 20.6.3.2
Affected: 20.6.4.1
Affected: 20.6.3.0.38
Affected: 20.6.3.0.39
Affected: 20.3.5.1
Affected: 20.3.4.3
Affected: 20.9.3.1
Affected: 20.3.3.2
Affected: 20.6.5.2
Affected: 20.3.7.1
Affected: 20.10.1.1
Affected: 20.6.5.2.1
Affected: 20.3.4.0.25
Affected: 20.6.2.2.4
Affected: 20.6.1.2
Affected: 20.11.1.1
Affected: 20.9.3.0.5
Affected: 20.3.4.0.26
Affected: 20.6.5.1.3
Affected: 20.6.3.0.40
Affected: 20.1.3.1
Affected: 20.9.2.2
Affected: 20.6.5.2.3
Affected: 20.6.5.1.4
Affected: 20.6.5.3
Affected: 20.6.3.0.41
Affected: 20.9.3.0.7
Affected: 20.6.5.1.5
Affected: 20.9.3.0.4
Affected: 20.6.4.0.19
Affected: 20.6.5.1.6
Affected: 20.9.3.0.8
Affected: 20.6.3.3
Affected: 20.3.7.2
Affected: 20.6.5.4
Affected: 20.6.5.1.7
Affected: 20.9.3.0.12
Affected: 20.6.4.2
Affected: 20.6.5.5
Affected: 20.9.3.2
Affected: 20.11.1.2
Affected: 20.6.3.4
Affected: 20.10.1.2
Affected: 20.6.5.1.9
Affected: 20.9.3.0.16
Affected: 20.6.3.0.45
Affected: 20.6.5.1.10
Affected: 20.9.3.0.17
Affected: 20.6.5.2.4
Affected: 20.6.4.0.21
Affected: 20.9.3.0.18
Affected: 20.6.3.0.46
Affected: 20.6.3.0.47
Affected: 20.9.2.3
Affected: 20.9.3.2_LI_Images
Affected: 20.9.3.0.21
Affected: 20.9.3.0.20
Affected: 20.9.4_LI_Images
Affected: 20.9.4
Affected: 20.6.5.1.11
Affected: 20.12.1
Affected: 20.12.1_LI_Images
Affected: 20.6.5.1.13
Affected: 20.9.3.0.23
Affected: 20.6.5.2.8
Affected: 20.9.4.1
Affected: 20.9.4.1_LI_Images
Affected: 20.9.3.0.25
Affected: 20.9.3.0.24
Affected: 20.6.5.1.14
Affected: 20.3.8
Affected: 20.6.6
Affected: 20.9.3.0.26
Affected: 20.6.3.0.51
Affected: 20.9.3.0.29
Affected: 20.12.2
Affected: 20.12.2_LI_Images
Affected: 20.6.6.0.1
Affected: 20.13.1_LI_Images
Affected: 20.9.4.0.4
Affected: 20.13.1
Affected: 20.9.4.1.1
Affected: 20.9.5
Affected: 20.9.5_LI_Images
Affected: 20.12.3_LI_Images
Affected: 20.12.3
Affected: 20.9.4.1.3
Affected: 20.6.7
Affected: 20.9.5.1
Affected: 20.9.5.1_LI_Images
Affected: 20.9.4.1.6
Affected: 20.14.1
Affected: 20.14.1_LI_Images
Affected: 20.9.5.2
Affected: 20.9.5.2.1
Affected: 20.9.5.2_LI_Images
Affected: 20.12.3.1
Affected: 20.12.4
Affected: 20.15.1_LI_Images
Affected: 20.15.1
Affected: 20.9.5.1.4
Affected: 20.9.5.2.7
Affected: 20.9.5.2.13
Affected: 20.9.6
Affected: 20.9.6_LI_Images
Affected: 20.9.5.2.14
Affected: 20.6.8
Affected: 20.12.4.0.03
Affected: 20.16.1
Affected: 20.16.1_LI_Images
Affected: 20.12.4_LI_Images
Affected: 20.9.5.2.16
Affected: 20.12.4.0.4
Affected: 20.12.401
Affected: 20.9.5.3
Affected: 20.9.5.3_LI_Images
Affected: 20.12.4.1_LI_Images
Affected: 20.12.4.1
Affected: 20.9.5.2.21
Affected: 20.9.6.0.3
Affected: 20.12.4.0.6
Affected: 20.15.2_LI_Images
Affected: 20.15.2
Affected: 20.12.4_Monthly_ES5
Affected: 20.12.5
Affected: 20.12.5_LI_Images
Affected: 20.9.7_LI _Images
Affected: 20.9.7
Affected: 20.15.3
Affected: 20.15.3_ LI _Images
Affected: 20.12.501
Affected: 20.12.5.1_LI_Images
Affected: 20.12.5.1
Affected: 20.12.5.2_LI_Images
Affected: 20.12.5.2
Affected: 20.15.3.1
Affected: 20.15.4_LI_Images
Affected: 20.15.4
Affected: 20.9.7.1_LI _Images
Affected: 20.9.7.1
Affected: 20.18.1
Affected: 20.18.1_LI_Images
Affected: 20.12.6_LI_Images
Affected: 20.12.6
Affected: 20.12.5.1.01
Affected: 20.9.8
Affected: 20.9.8_LI_Images
Affected: 20.18.2
Affected: 20.15.4.1_LI_Images
Affected: 20.15.4.1
Affected: 20.18.2_LI_Images
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20127",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-26T04:55:54.782171Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2026-02-25",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20127"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T14:44:06.050Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20127"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Catalyst SD-WAN Manager",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "20.1.12"
            },
            {
              "status": "affected",
              "version": "19.2.1"
            },
            {
              "status": "affected",
              "version": "18.4.4"
            },
            {
              "status": "affected",
              "version": "18.4.5"
            },
            {
              "status": "affected",
              "version": "20.1.1.1"
            },
            {
              "status": "affected",
              "version": "20.1.1"
            },
            {
              "status": "affected",
              "version": "19.3.0"
            },
            {
              "status": "affected",
              "version": "19.2.2"
            },
            {
              "status": "affected",
              "version": "19.2.099"
            },
            {
              "status": "affected",
              "version": "18.3.6"
            },
            {
              "status": "affected",
              "version": "18.3.7"
            },
            {
              "status": "affected",
              "version": "19.2.0"
            },
            {
              "status": "affected",
              "version": "18.3.8"
            },
            {
              "status": "affected",
              "version": "19.0.0"
            },
            {
              "status": "affected",
              "version": "19.1.0"
            },
            {
              "status": "affected",
              "version": "18.4.302"
            },
            {
              "status": "affected",
              "version": "18.4.303"
            },
            {
              "status": "affected",
              "version": "19.2.097"
            },
            {
              "status": "affected",
              "version": "19.2.098"
            },
            {
              "status": "affected",
              "version": "17.2.10"
            },
            {
              "status": "affected",
              "version": "18.3.6.1"
            },
            {
              "status": "affected",
              "version": "19.0.1a"
            },
            {
              "status": "affected",
              "version": "18.2.0"
            },
            {
              "status": "affected",
              "version": "18.4.3"
            },
            {
              "status": "affected",
              "version": "18.4.1"
            },
            {
              "status": "affected",
              "version": "17.2.8"
            },
            {
              "status": "affected",
              "version": "18.3.3.1"
            },
            {
              "status": "affected",
              "version": "18.4.0"
            },
            {
              "status": "affected",
              "version": "18.3.1"
            },
            {
              "status": "affected",
              "version": "17.2.6"
            },
            {
              "status": "affected",
              "version": "17.2.9"
            },
            {
              "status": "affected",
              "version": "18.3.4"
            },
            {
              "status": "affected",
              "version": "17.2.5"
            },
            {
              "status": "affected",
              "version": "18.3.1.1"
            },
            {
              "status": "affected",
              "version": "18.3.5"
            },
            {
              "status": "affected",
              "version": "18.4.0.1"
            },
            {
              "status": "affected",
              "version": "18.3.3"
            },
            {
              "status": "affected",
              "version": "17.2.7"
            },
            {
              "status": "affected",
              "version": "17.2.4"
            },
            {
              "status": "affected",
              "version": "18.3.0"
            },
            {
              "status": "affected",
              "version": "19.2.3"
            },
            {
              "status": "affected",
              "version": "18.4.501_ES"
            },
            {
              "status": "affected",
              "version": "20.3.1"
            },
            {
              "status": "affected",
              "version": "20.1.2"
            },
            {
              "status": "affected",
              "version": "19.2.929"
            },
            {
              "status": "affected",
              "version": "19.2.31"
            },
            {
              "status": "affected",
              "version": "20.3.2"
            },
            {
              "status": "affected",
              "version": "19.2.32"
            },
            {
              "status": "affected",
              "version": "20.3.2_925"
            },
            {
              "status": "affected",
              "version": "20.3.2.1"
            },
            {
              "status": "affected",
              "version": "20.3.2.1_927"
            },
            {
              "status": "affected",
              "version": "18.4.6"
            },
            {
              "status": "affected",
              "version": "20.1.2_937"
            },
            {
              "status": "affected",
              "version": "20.4.1"
            },
            {
              "status": "affected",
              "version": "20.3.2_928"
            },
            {
              "status": "affected",
              "version": "20.3.2_929"
            },
            {
              "status": "affected",
              "version": "20.4.1.0.1"
            },
            {
              "status": "affected",
              "version": "20.3.2.1_930"
            },
            {
              "status": "affected",
              "version": "19.2.4"
            },
            {
              "status": "affected",
              "version": "20.5.0.1.1"
            },
            {
              "status": "affected",
              "version": "20.4.1.1"
            },
            {
              "status": "affected",
              "version": "20.3.3"
            },
            {
              "status": "affected",
              "version": "19.2.4.0.1"
            },
            {
              "status": "affected",
              "version": "20.3.2_937"
            },
            {
              "status": "affected",
              "version": "20.3.3.1"
            },
            {
              "status": "affected",
              "version": "20.5.1"
            },
            {
              "status": "affected",
              "version": "20.1.3"
            },
            {
              "status": "affected",
              "version": "20.3.3.0.4"
            },
            {
              "status": "affected",
              "version": "20.3.3.1.2"
            },
            {
              "status": "affected",
              "version": "20.3.3.1.1"
            },
            {
              "status": "affected",
              "version": "20.4.1.2"
            },
            {
              "status": "affected",
              "version": "20.3.3.0.2"
            },
            {
              "status": "affected",
              "version": "20.4.1.1.5"
            },
            {
              "status": "affected",
              "version": "20.4.1.0.01"
            },
            {
              "status": "affected",
              "version": "20.4.1.0.02"
            },
            {
              "status": "affected",
              "version": "20.3.3.1.7"
            },
            {
              "status": "affected",
              "version": "20.3.3.1.5"
            },
            {
              "status": "affected",
              "version": "20.5.1.0.1"
            },
            {
              "status": "affected",
              "version": "20.3.3.1.10"
            },
            {
              "status": "affected",
              "version": "20.3.3.0.8"
            },
            {
              "status": "affected",
              "version": "20.4.2"
            },
            {
              "status": "affected",
              "version": "20.4.2.0.1"
            },
            {
              "status": "affected",
              "version": "20.3.4"
            },
            {
              "status": "affected",
              "version": "20.3.3.0.14"
            },
            {
              "status": "affected",
              "version": "19.2.4.0.8"
            },
            {
              "status": "affected",
              "version": "19.2.4.0.9"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.1"
            },
            {
              "status": "affected",
              "version": "20.3.2.0.5"
            },
            {
              "status": "affected",
              "version": "20.6.1"
            },
            {
              "status": "affected",
              "version": "20.5.1.0.2"
            },
            {
              "status": "affected",
              "version": "20.3.3.0.17"
            },
            {
              "status": "affected",
              "version": "20.6.1.1"
            },
            {
              "status": "affected",
              "version": "20.6.0.18.3"
            },
            {
              "status": "affected",
              "version": "20.3.2.0.6"
            },
            {
              "status": "affected",
              "version": "20.6.0.18.4"
            },
            {
              "status": "affected",
              "version": "20.4.2.0.2"
            },
            {
              "status": "affected",
              "version": "20.3.3.0.16"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.5"
            },
            {
              "status": "affected",
              "version": "20.6.1.0.1"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.6"
            },
            {
              "status": "affected",
              "version": "20.6.2"
            },
            {
              "status": "affected",
              "version": "20.7.1EFT2"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.9"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.11"
            },
            {
              "status": "affected",
              "version": "20.4.2.0.4"
            },
            {
              "status": "affected",
              "version": "20.3.3.0.18"
            },
            {
              "status": "affected",
              "version": "20.7.1"
            },
            {
              "status": "affected",
              "version": "20.6.2.1"
            },
            {
              "status": "affected",
              "version": "20.3.4.1"
            },
            {
              "status": "affected",
              "version": "20.5.1.1"
            },
            {
              "status": "affected",
              "version": "20.4.2.1"
            },
            {
              "status": "affected",
              "version": "20.4.2.1.1"
            },
            {
              "status": "affected",
              "version": "20.3.4.1.1"
            },
            {
              "status": "affected",
              "version": "20.3.813"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.19"
            },
            {
              "status": "affected",
              "version": "20.4.2.2.1"
            },
            {
              "status": "affected",
              "version": "20.5.1.2"
            },
            {
              "status": "affected",
              "version": "20.3.4.2"
            },
            {
              "status": "affected",
              "version": "20.3.814"
            },
            {
              "status": "affected",
              "version": "20.4.2.2"
            },
            {
              "status": "affected",
              "version": "20.6.2.2"
            },
            {
              "status": "affected",
              "version": "20.3.4.2.1"
            },
            {
              "status": "affected",
              "version": "20.7.1.1"
            },
            {
              "status": "affected",
              "version": "20.3.4.1.2"
            },
            {
              "status": "affected",
              "version": "20.6.2.2.2"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.20"
            },
            {
              "status": "affected",
              "version": "20.6.2.2.3"
            },
            {
              "status": "affected",
              "version": "20.4.2.2.2"
            },
            {
              "status": "affected",
              "version": "20.3.5"
            },
            {
              "status": "affected",
              "version": "20.6.2.0.4"
            },
            {
              "status": "affected",
              "version": "20.4.2.2.3"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.24"
            },
            {
              "status": "affected",
              "version": "20.6.2.2.7"
            },
            {
              "status": "affected",
              "version": "20.6.3"
            },
            {
              "status": "affected",
              "version": "20.3.4.2.2"
            },
            {
              "status": "affected",
              "version": "20.4.2.2.4"
            },
            {
              "status": "affected",
              "version": "20.7.1.0.2"
            },
            {
              "status": "affected",
              "version": "20.8.1"
            },
            {
              "status": "affected",
              "version": "20.3.5.0.8"
            },
            {
              "status": "affected",
              "version": "20.3.5.0.9"
            },
            {
              "status": "affected",
              "version": "20.4.2.2.8"
            },
            {
              "status": "affected",
              "version": "20.3.5.0.7"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.7"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.5"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.10"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.2"
            },
            {
              "status": "affected",
              "version": "20.7.2"
            },
            {
              "status": "affected",
              "version": "20.9.1EFT2"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.11"
            },
            {
              "status": "affected",
              "version": "20.6.3.1"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.14"
            },
            {
              "status": "affected",
              "version": "20.6.4"
            },
            {
              "status": "affected",
              "version": "20.9.1"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.19"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.18"
            },
            {
              "status": "affected",
              "version": "20.3.6"
            },
            {
              "status": "affected",
              "version": "20.9.1.1"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.23"
            },
            {
              "status": "affected",
              "version": "20.6.4.0.4"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.25"
            },
            {
              "status": "affected",
              "version": "20.6.5"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.27"
            },
            {
              "status": "affected",
              "version": "20.9.2"
            },
            {
              "status": "affected",
              "version": "20.9.2.1"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.29"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.31"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.32"
            },
            {
              "status": "affected",
              "version": "20.10.1"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.33"
            },
            {
              "status": "affected",
              "version": "20.9.2.0.01"
            },
            {
              "status": "affected",
              "version": "20.9.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.10.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.3.7"
            },
            {
              "status": "affected",
              "version": "20.9.3"
            },
            {
              "status": "affected",
              "version": "20.6.5.1"
            },
            {
              "status": "affected",
              "version": "20.11.1"
            },
            {
              "status": "affected",
              "version": "20.11.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.3_LI_ Images"
            },
            {
              "status": "affected",
              "version": "20.6.3.1.1"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.2"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.2"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.3"
            },
            {
              "status": "affected",
              "version": "20.4.2.3"
            },
            {
              "status": "affected",
              "version": "20.6.3.2"
            },
            {
              "status": "affected",
              "version": "20.6.4.1"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.38"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.39"
            },
            {
              "status": "affected",
              "version": "20.3.5.1"
            },
            {
              "status": "affected",
              "version": "20.3.4.3"
            },
            {
              "status": "affected",
              "version": "20.9.3.1"
            },
            {
              "status": "affected",
              "version": "20.3.3.2"
            },
            {
              "status": "affected",
              "version": "20.6.5.2"
            },
            {
              "status": "affected",
              "version": "20.3.7.1"
            },
            {
              "status": "affected",
              "version": "20.10.1.1"
            },
            {
              "status": "affected",
              "version": "20.6.5.2.1"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.25"
            },
            {
              "status": "affected",
              "version": "20.6.2.2.4"
            },
            {
              "status": "affected",
              "version": "20.6.1.2"
            },
            {
              "status": "affected",
              "version": "20.11.1.1"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.5"
            },
            {
              "status": "affected",
              "version": "20.3.4.0.26"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.3"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.40"
            },
            {
              "status": "affected",
              "version": "20.1.3.1"
            },
            {
              "status": "affected",
              "version": "20.9.2.2"
            },
            {
              "status": "affected",
              "version": "20.6.5.2.3"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.4"
            },
            {
              "status": "affected",
              "version": "20.6.5.3"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.41"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.7"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.5"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.4"
            },
            {
              "status": "affected",
              "version": "20.6.4.0.19"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.6"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.8"
            },
            {
              "status": "affected",
              "version": "20.6.3.3"
            },
            {
              "status": "affected",
              "version": "20.3.7.2"
            },
            {
              "status": "affected",
              "version": "20.6.5.4"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.7"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.12"
            },
            {
              "status": "affected",
              "version": "20.6.4.2"
            },
            {
              "status": "affected",
              "version": "20.6.5.5"
            },
            {
              "status": "affected",
              "version": "20.9.3.2"
            },
            {
              "status": "affected",
              "version": "20.11.1.2"
            },
            {
              "status": "affected",
              "version": "20.6.3.4"
            },
            {
              "status": "affected",
              "version": "20.10.1.2"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.9"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.16"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.45"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.10"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.17"
            },
            {
              "status": "affected",
              "version": "20.6.5.2.4"
            },
            {
              "status": "affected",
              "version": "20.6.4.0.21"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.18"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.46"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.47"
            },
            {
              "status": "affected",
              "version": "20.9.2.3"
            },
            {
              "status": "affected",
              "version": "20.9.3.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.21"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.20"
            },
            {
              "status": "affected",
              "version": "20.9.4_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.4"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.11"
            },
            {
              "status": "affected",
              "version": "20.12.1"
            },
            {
              "status": "affected",
              "version": "20.12.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.13"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.23"
            },
            {
              "status": "affected",
              "version": "20.6.5.2.8"
            },
            {
              "status": "affected",
              "version": "20.9.4.1"
            },
            {
              "status": "affected",
              "version": "20.9.4.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.25"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.24"
            },
            {
              "status": "affected",
              "version": "20.6.5.1.14"
            },
            {
              "status": "affected",
              "version": "20.3.8"
            },
            {
              "status": "affected",
              "version": "20.6.6"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.26"
            },
            {
              "status": "affected",
              "version": "20.6.3.0.51"
            },
            {
              "status": "affected",
              "version": "20.9.3.0.29"
            },
            {
              "status": "affected",
              "version": "20.12.2"
            },
            {
              "status": "affected",
              "version": "20.12.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.6.6.0.1"
            },
            {
              "status": "affected",
              "version": "20.13.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.4.0.4"
            },
            {
              "status": "affected",
              "version": "20.13.1"
            },
            {
              "status": "affected",
              "version": "20.9.4.1.1"
            },
            {
              "status": "affected",
              "version": "20.9.5"
            },
            {
              "status": "affected",
              "version": "20.9.5_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.3_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.3"
            },
            {
              "status": "affected",
              "version": "20.9.4.1.3"
            },
            {
              "status": "affected",
              "version": "20.6.7"
            },
            {
              "status": "affected",
              "version": "20.9.5.1"
            },
            {
              "status": "affected",
              "version": "20.9.5.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.4.1.6"
            },
            {
              "status": "affected",
              "version": "20.14.1"
            },
            {
              "status": "affected",
              "version": "20.14.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.5.2"
            },
            {
              "status": "affected",
              "version": "20.9.5.2.1"
            },
            {
              "status": "affected",
              "version": "20.9.5.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.3.1"
            },
            {
              "status": "affected",
              "version": "20.12.4"
            },
            {
              "status": "affected",
              "version": "20.15.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.15.1"
            },
            {
              "status": "affected",
              "version": "20.9.5.1.4"
            },
            {
              "status": "affected",
              "version": "20.9.5.2.7"
            },
            {
              "status": "affected",
              "version": "20.9.5.2.13"
            },
            {
              "status": "affected",
              "version": "20.9.6"
            },
            {
              "status": "affected",
              "version": "20.9.6_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.5.2.14"
            },
            {
              "status": "affected",
              "version": "20.6.8"
            },
            {
              "status": "affected",
              "version": "20.12.4.0.03"
            },
            {
              "status": "affected",
              "version": "20.16.1"
            },
            {
              "status": "affected",
              "version": "20.16.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.4_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.5.2.16"
            },
            {
              "status": "affected",
              "version": "20.12.4.0.4"
            },
            {
              "status": "affected",
              "version": "20.12.401"
            },
            {
              "status": "affected",
              "version": "20.9.5.3"
            },
            {
              "status": "affected",
              "version": "20.9.5.3_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.4.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.4.1"
            },
            {
              "status": "affected",
              "version": "20.9.5.2.21"
            },
            {
              "status": "affected",
              "version": "20.9.6.0.3"
            },
            {
              "status": "affected",
              "version": "20.12.4.0.6"
            },
            {
              "status": "affected",
              "version": "20.15.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.15.2"
            },
            {
              "status": "affected",
              "version": "20.12.4_Monthly_ES5"
            },
            {
              "status": "affected",
              "version": "20.12.5"
            },
            {
              "status": "affected",
              "version": "20.12.5_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.9.7_LI _Images"
            },
            {
              "status": "affected",
              "version": "20.9.7"
            },
            {
              "status": "affected",
              "version": "20.15.3"
            },
            {
              "status": "affected",
              "version": "20.15.3_ LI _Images"
            },
            {
              "status": "affected",
              "version": "20.12.501"
            },
            {
              "status": "affected",
              "version": "20.12.5.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.5.1"
            },
            {
              "status": "affected",
              "version": "20.12.5.2_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.5.2"
            },
            {
              "status": "affected",
              "version": "20.15.3.1"
            },
            {
              "status": "affected",
              "version": "20.15.4_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.15.4"
            },
            {
              "status": "affected",
              "version": "20.9.7.1_LI _Images"
            },
            {
              "status": "affected",
              "version": "20.9.7.1"
            },
            {
              "status": "affected",
              "version": "20.18.1"
            },
            {
              "status": "affected",
              "version": "20.18.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.6_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.12.6"
            },
            {
              "status": "affected",
              "version": "20.12.5.1.01"
            },
            {
              "status": "affected",
              "version": "20.9.8"
            },
            {
              "status": "affected",
              "version": "20.9.8_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.18.2"
            },
            {
              "status": "affected",
              "version": "20.15.4.1_LI_Images"
            },
            {
              "status": "affected",
              "version": "20.15.4.1"
            },
            {
              "status": "affected",
              "version": "20.18.2_LI_Images"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.\r\n\r\nThis vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root\u0026nbsp;user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.\u0026nbsp;"
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is aware of limited exploitation of this vulnerability. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-16T17:57:59.054Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-sdwan-rpa-EHchtZk",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk"
        }
      ],
      "source": {
        "advisory": "cisco-sa-sdwan-rpa-EHchtZk",
        "defects": [
          "CSCws52722"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20127",
    "datePublished": "2026-02-25T16:14:20.137Z",
    "dateReserved": "2025-10-08T11:59:15.379Z",
    "dateUpdated": "2026-06-16T17:57:59.054Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

GCVE-1-2026-20081 (CVE-2026-10611)

Vulnerability from gna-1 – Published: 2026-06-02 12:44 – Updated: 2026-06-02 12:49
VLAI
Title
OTP bypass via plugin-based LDAP authentication in MISP when LDAP mixed authentication is enabled
Summary
An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.require_otp=true, users authenticated through an authentication plugin, such as LDAP, may have their authenticated session established during the application beforeFilter phase before the normal login flow enforces the OTP challenge. As a result, an attacker with valid primary authentication credentials could bypass the required OTP step by authenticating through the plugin-backed login flow and then directly accessing another application URL instead of completing the OTP verification page. This allows access to the application as the affected user without providing a valid TOTP, HOTP, or email OTP code. The issue affects configurations where plugin-based authentication is enabled and OTP is expected to be mandatory. The fix ensures that OTP requirements are checked immediately after plugin authentication and before the user session is established, redirecting users to the appropriate OTP challenge when required.
CWE
  • CWE-287 - Improper Authentication
Assigner
References
Impacted products
Vendor Product Version
misp misp Affected: 0 , ≤ 2.5.38 (semver)
Create a notification for this product.
Credits
Andrea Capelli Luciano Righetti

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "misp",
          "vendor": "misp",
          "versions": [
            {
              "lessThanOrEqual": "2.5.38",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Andrea Capelli"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Luciano Righetti"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAn authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with \u003ccode\u003eLdapAuth.mixedAuth=true\u003c/code\u003e and \u003ccode\u003eSecurity.require_otp=true\u003c/code\u003e, users authenticated through an authentication plugin, such as LDAP, may have their authenticated session established during the application \u003ccode\u003ebeforeFilter\u003c/code\u003e phase before the normal login flow enforces the OTP challenge.\u003c/p\u003e\u003cp\u003eAs a result, an attacker with valid primary authentication credentials could bypass the required OTP step by authenticating through the plugin-backed login flow and then directly accessing another application URL instead of completing the OTP verification page. This allows access to the application as the affected user without providing a valid TOTP, HOTP, or email OTP code.\u003c/p\u003e\u003cp\u003eThe issue affects configurations where plugin-based authentication is enabled and OTP is expected to be mandatory. The fix ensures that OTP requirements are checked immediately after plugin authentication and before the user session is established, redirecting users to the appropriate OTP challenge when required.\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.require_otp=true, users authenticated through an authentication plugin, such as LDAP, may have their authenticated session established during the application beforeFilter phase before the normal login flow enforces the OTP challenge.\n\nAs a result, an attacker with valid primary authentication credentials could bypass the required OTP step by authenticating through the plugin-backed login flow and then directly accessing another application URL instead of completing the OTP verification page. This allows access to the application as the affected user without providing a valid TOTP, HOTP, or email OTP code.\n\nThe issue affects configurations where plugin-based authentication is enabled and OTP is expected to be mandatory. The fix ensures that OTP requirements are checked immediately after plugin authentication and before the user session is established, redirecting users to the appropriate OTP challenge when required."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "orgId": "00000000-0000-4000-9000-000000000000"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/MISP/MISP/commit/39b3cb15aac4318afdd2ab63b96c2eac12b271fe"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "OTP bypass via plugin-based LDAP authentication in MISP when LDAP mixed authentication is enabled",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "00000000-0000-4000-9000-000000000000",
    "cveId": "CVE-2026-10611",
    "datePublished": "2026-06-02T12:44:00.000Z",
    "dateUpdated": "2026-06-02T12:49:10.965149Z",
    "requesterUserId": "00000000-0000-4000-9000-000000000000",
    "serial": 1,
    "state": "PUBLISHED",
    "vulnId": "gcve-1-2026-20081"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2026-15557 (GCVE-0-2026-15557)

Vulnerability from cvelistv5 – Published: 2026-07-13 09:30 – Updated: 2026-07-13 18:11
VLAI
Title
waooAI waoowaoo Internal Task Header api-auth.ts requireProjectAuthLight improper authentication
Summary
A weakness has been identified in waooAI waoowaoo up to 0.4.1. Affected by this vulnerability is the function getInternalTaskSession/getAuthSession/requireUserAuth/requireProjectAuth/requireProjectAuthLight in the library src/lib/api-auth.ts of the component Internal Task Header Handler. This manipulation of the argument x-internal-user-id request causes improper authentication. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication
Assigner
References
URL Tags
https://vuldb.com/vuln/377906 vdb-entrytechnical-description
https://vuldb.com/vuln/377906/cti signaturepermissions-required
https://vuldb.com/cve/CVE-2026-15557 third-party-advisory
https://vuldb.com/submit/855187 third-party-advisory
https://github.com/waooAI/waoowaoo/issues/200 exploitissue-tracking
https://github.com/waooAI/waoowaoo/ product
Impacted products
Vendor Product Version
waooAI waoowaoo Affected: 0.4.0
Affected: 0.4.1
    cpe:2.3:a:waooai:waoowaoo:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Dem0000000 (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-15557",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-13T18:07:18.524271Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-13T18:11:46.126Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:waooai:waoowaoo:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "Internal Task Header Handler"
          ],
          "product": "waoowaoo",
          "vendor": "waooAI",
          "versions": [
            {
              "status": "affected",
              "version": "0.4.0"
            },
            {
              "status": "affected",
              "version": "0.4.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Dem0000000 (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A weakness has been identified in waooAI waoowaoo up to 0.4.1. Affected by this vulnerability is the function getInternalTaskSession/getAuthSession/requireUserAuth/requireProjectAuth/requireProjectAuthLight in the library src/lib/api-auth.ts of the component Internal Task Header Handler. This manipulation of the argument x-internal-user-id request causes improper authentication. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 7.5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-13T09:30:09.319Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-377906 | waooAI waoowaoo Internal Task Header api-auth.ts requireProjectAuthLight improper authentication",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/377906"
        },
        {
          "name": "VDB-377906 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/377906/cti"
        },
        {
          "name": "CVE-2026-15557 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-15557"
        },
        {
          "name": "Submit #855187 | waooAI waoowaoo 0.4.1 Improper Authentication",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/855187"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/waooAI/waoowaoo/issues/200"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/waooAI/waoowaoo/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-07-13T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-07-13T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-07-13T07:08:58.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "waooAI waoowaoo Internal Task Header api-auth.ts requireProjectAuthLight improper authentication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-15557",
    "datePublished": "2026-07-13T09:30:09.319Z",
    "dateReserved": "2026-07-13T05:03:01.385Z",
    "dateUpdated": "2026-07-13T18:11:46.126Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-15542 (GCVE-0-2026-15542)

Vulnerability from cvelistv5 – Published: 2026-07-13 07:00 – Updated: 2026-07-15 14:10
VLAI
Title
will-moss Isaiah Websocket Connection Authentication main.go improper authentication
Summary
A vulnerability has been found in will-moss Isaiah up to 1.36.9. This affects an unknown function of the file app/main.go of the component Websocket Connection Authentication. The manipulation leads to improper authentication. The attack can be initiated remotely. The pull request to fix this issue awaits acceptance.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication
Assigner
Impacted products
Vendor Product Version
will-moss Isaiah Affected: 1.36.0
Affected: 1.36.1
Affected: 1.36.2
Affected: 1.36.3
Affected: 1.36.4
Affected: 1.36.5
Affected: 1.36.6
Affected: 1.36.7
Affected: 1.36.8
Affected: 1.36.9
    cpe:2.3:a:will-moss:isaiah:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Dem0000000 (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-15542",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-15T14:10:34.780790Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-15T14:10:48.207Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:will-moss:isaiah:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "Websocket Connection Authentication"
          ],
          "product": "Isaiah",
          "vendor": "will-moss",
          "versions": [
            {
              "status": "affected",
              "version": "1.36.0"
            },
            {
              "status": "affected",
              "version": "1.36.1"
            },
            {
              "status": "affected",
              "version": "1.36.2"
            },
            {
              "status": "affected",
              "version": "1.36.3"
            },
            {
              "status": "affected",
              "version": "1.36.4"
            },
            {
              "status": "affected",
              "version": "1.36.5"
            },
            {
              "status": "affected",
              "version": "1.36.6"
            },
            {
              "status": "affected",
              "version": "1.36.7"
            },
            {
              "status": "affected",
              "version": "1.36.8"
            },
            {
              "status": "affected",
              "version": "1.36.9"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Dem0000000 (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in will-moss Isaiah up to 1.36.9. This affects an unknown function of the file app/main.go of the component Websocket Connection Authentication. The manipulation leads to improper authentication. The attack can be initiated remotely. The pull request to fix this issue awaits acceptance."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 7.5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-13T07:00:09.998Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-377892 | will-moss Isaiah Websocket Connection Authentication main.go improper authentication",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/vuln/377892"
        },
        {
          "name": "VDB-377892 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/377892/cti"
        },
        {
          "name": "CVE-2026-15542 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-15542"
        },
        {
          "name": "Submit #855075 | will-moss Isaiah 1.36.9 CWE-287 Improper Authentication",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/855075"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/will-moss/isaiah/issues/33"
        },
        {
          "tags": [
            "issue-tracking",
            "patch"
          ],
          "url": "https://github.com/will-moss/isaiah/pull/36"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/will-moss/isaiah/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-07-12T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-07-12T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-07-12T20:18:56.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "will-moss Isaiah Websocket Connection Authentication main.go improper authentication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-15542",
    "datePublished": "2026-07-13T07:00:09.998Z",
    "dateReserved": "2026-07-12T18:13:53.748Z",
    "dateUpdated": "2026-07-15T14:10:48.207Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-15491 (GCVE-0-2026-15491)

Vulnerability from cvelistv5 – Published: 2026-07-12 09:45 – Updated: 2026-07-14 14:41
VLAI
Title
RafyMrX TOKO-ONLINE-ROTI missing authentication
Summary
A weakness has been identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. This affects an unknown part. This manipulation causes missing authentication. The attack is possible to be carried out remotely. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/vuln/377798 vdb-entry
https://vuldb.com/vuln/377798/cti signaturepermissions-required
https://vuldb.com/cve/CVE-2026-15491 third-party-advisory
https://vuldb.com/submit/844137 third-party-advisory
Impacted products
Vendor Product Version
RafyMrX TOKO-ONLINE-ROTI Affected: ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99
    cpe:2.3:a:rafymrx:toko-online-roti:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Dest1ny_1 (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-15491",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-14T14:40:54.410312Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-14T14:41:07.744Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:rafymrx:toko-online-roti:*:*:*:*:*:*:*:*"
          ],
          "product": "TOKO-ONLINE-ROTI",
          "vendor": "RafyMrX",
          "versions": [
            {
              "status": "affected",
              "version": "ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Dest1ny_1 (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A weakness has been identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. This affects an unknown part. This manipulation causes missing authentication. The attack is possible to be carried out remotely. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 7.5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "Missing Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-12T09:45:06.760Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-377798 | RafyMrX TOKO-ONLINE-ROTI missing authentication",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/vuln/377798"
        },
        {
          "name": "VDB-377798 | CTI Indicators (IOB, IOC)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/377798/cti"
        },
        {
          "name": "CVE-2026-15491 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-15491"
        },
        {
          "name": "Submit #844137 | RafyMrX TOKO-ONLINE-ROTI latest (2026-05, no formal release) Improper Authentication",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/844137"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-07-11T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-07-11T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-07-11T14:03:49.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "RafyMrX TOKO-ONLINE-ROTI missing authentication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-15491",
    "datePublished": "2026-07-12T09:45:06.760Z",
    "dateReserved": "2026-07-11T11:58:42.133Z",
    "dateUpdated": "2026-07-14T14:41:07.744Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-15192 (GCVE-0-2026-15192)

Vulnerability from cvelistv5 – Published: 2026-07-09 16:30 – Updated: 2026-07-09 18:08
VLAI
Title
mettle sendportal APIv1 Webhooks mailjet missing authentication
Summary
A vulnerability has been found in mettle sendportal up to 3.0.1. This issue affects the function sendgrid/postmark/postal/mailjet of the component APIv1 Webhooks. The manipulation leads to missing authentication. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://vuldb.com/vuln/377118 vdb-entrytechnical-description
https://vuldb.com/vuln/377118/cti signaturepermissions-required
https://vuldb.com/cve/CVE-2026-15192 third-party-advisory
https://vuldb.com/submit/851624 third-party-advisory
https://github.com/mettle/sendportal/issues/340 exploitissue-tracking
https://github.com/mettle/sendportal/ product
Impacted products
Vendor Product Version
mettle sendportal Affected: 3.0.0
Affected: 3.0.1
    cpe:2.3:a:mettle:sendportal:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Superman_04 (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-15192",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-09T17:53:27.825956Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-09T18:08:24.940Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:mettle:sendportal:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "APIv1 Webhooks"
          ],
          "product": "sendportal",
          "vendor": "mettle",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.0"
            },
            {
              "status": "affected",
              "version": "3.0.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Superman_04 (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in mettle sendportal up to 3.0.1. This issue affects the function sendgrid/postmark/postal/mailjet of the component APIv1 Webhooks. The manipulation leads to missing authentication. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.4,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "Missing Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-09T16:30:09.358Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-377118 | mettle sendportal APIv1 Webhooks mailjet missing authentication",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/377118"
        },
        {
          "name": "VDB-377118 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/377118/cti"
        },
        {
          "name": "CVE-2026-15192 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-15192"
        },
        {
          "name": "Submit #851624 | Mettle sendportal Latest Improper Authentication",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/851624"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/mettle/sendportal/issues/340"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/mettle/sendportal/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-07-09T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-07-09T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-07-09T07:41:22.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "mettle sendportal APIv1 Webhooks mailjet missing authentication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-15192",
    "datePublished": "2026-07-09T16:30:09.358Z",
    "dateReserved": "2026-07-09T05:36:19.016Z",
    "dateUpdated": "2026-07-09T18:08:24.940Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-14714 (GCVE-0-2026-14714)

Vulnerability from cvelistv5 – Published: 2026-07-05 05:30 – Updated: 2026-07-06 18:20 X_Open Source
VLAI
Title
zhayujie chatgpt-on-wechat CowAgent wx Endpoint common.py verify_server missing authentication
Summary
A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.1.0. This issue affects the function verify_server of the file channel/wechatmp/common.py of the component wx Endpoint. This manipulation of the argument wechatmp_token causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 2.1.1 is capable of addressing this issue. Patch name: 3d7c68bac6ee74fad63f43cf99e45c62e202ed55. It is suggested to upgrade the affected component. The project confirms: "We've added an explicit non-empty check for wechatmp_token in verify_server() so that the /wx endpoint now fails closed with 403 Forbidden whenever the token is missing or left at the default empty value, instead of relying on a signature check that silently degenerates to a predictable hash."
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
zhayujie chatgpt-on-wechat CowAgent Affected: 2.1.0
Unaffected: 2.1.1
    cpe:2.3:a:zhayujie:chatgpt-on-wechat_cowagent:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Eric-j (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-14714",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-06T18:19:17.226246Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-06T18:20:42.707Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:zhayujie:chatgpt-on-wechat_cowagent:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "wx Endpoint"
          ],
          "product": "chatgpt-on-wechat CowAgent",
          "vendor": "zhayujie",
          "versions": [
            {
              "status": "affected",
              "version": "2.1.0"
            },
            {
              "status": "unaffected",
              "version": "2.1.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Eric-j (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.1.0. This issue affects the function verify_server of the file channel/wechatmp/common.py of the component wx Endpoint. This manipulation of the argument wechatmp_token causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 2.1.1 is capable of addressing this issue. Patch name: 3d7c68bac6ee74fad63f43cf99e45c62e202ed55. It is suggested to upgrade the affected component. The project confirms: \"We\u0027ve added an explicit non-empty check for wechatmp_token in verify_server() so that the /wx endpoint now fails closed with 403 Forbidden whenever the token is missing or left at the default empty value, instead of relying on a signature check that silently degenerates to a predictable hash.\""
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.4,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "Missing Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-05T05:30:09.514Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-376304 | zhayujie chatgpt-on-wechat CowAgent wx Endpoint common.py verify_server missing authentication",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/376304"
        },
        {
          "name": "VDB-376304 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/376304/cti"
        },
        {
          "name": "CVE-2026-14714 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-14714"
        },
        {
          "name": "Submit #847484 | zhayujie chatgpt-on-wechat / CowAgent 2.1.0 Missing Authentication for Critical Function (CWE-306)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/847484"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/zhayujie/CowAgent/issues/2860"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/zhayujie/CowAgent/commit/3d7c68bac6ee74fad63f43cf99e45c62e202ed55"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/zhayujie/CowAgent/releases/tag/2.1.1"
        }
      ],
      "tags": [
        "x_open-source"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-07-04T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-07-04T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-07-04T09:49:02.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "zhayujie chatgpt-on-wechat CowAgent wx Endpoint common.py verify_server missing authentication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-14714",
    "datePublished": "2026-07-05T05:30:09.514Z",
    "dateReserved": "2026-07-04T07:43:09.434Z",
    "dateUpdated": "2026-07-06T18:20:42.707Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-14627 (GCVE-0-2026-14627)

Vulnerability from cvelistv5 – Published: 2026-07-04 12:45 – Updated: 2026-07-06 16:51
VLAI
Title
NousResearch hermes-agent Discord Platform Integration discord.py DiscordAdapter._is_allowed_user improper authentication
Summary
A security vulnerability has been detected in NousResearch hermes-agent up to 0.15.2. This affects the function DiscordAdapter._is_allowed_user of the file gateway/platforms/discord.py of the component Discord Platform Integration. Such manipulation leads to improper authentication. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication
Assigner
References
URL Tags
https://vuldb.com/vuln/376143 vdb-entrytechnical-description
https://vuldb.com/vuln/376143/cti signaturepermissions-required
https://vuldb.com/cve/CVE-2026-14627 third-party-advisory
https://vuldb.com/submit/845598 third-party-advisory
https://gist.github.com/YLChen-007/d030c690b10a97… exploit
Impacted products
Vendor Product Version
NousResearch hermes-agent Affected: 0.15.0
Affected: 0.15.1
Affected: 0.15.2
    cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Eric-a (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-14627",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-06T16:36:18.904042Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-06T16:51:32.667Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:nousresearch:hermes-agent:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "Discord Platform Integration"
          ],
          "product": "hermes-agent",
          "vendor": "NousResearch",
          "versions": [
            {
              "status": "affected",
              "version": "0.15.0"
            },
            {
              "status": "affected",
              "version": "0.15.1"
            },
            {
              "status": "affected",
              "version": "0.15.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Eric-a (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security vulnerability has been detected in NousResearch hermes-agent up to 0.15.2. This affects the function DiscordAdapter._is_allowed_user of the file gateway/platforms/discord.py of the component Discord Platform Integration. Such manipulation leads to improper authentication. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5.1,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-04T12:45:06.333Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-376143 | NousResearch hermes-agent Discord Platform Integration discord.py DiscordAdapter._is_allowed_user improper authentication",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/376143"
        },
        {
          "name": "VDB-376143 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/376143/cti"
        },
        {
          "name": "CVE-2026-14627 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-14627"
        },
        {
          "name": "Submit #845598 | NousResearch Hermes Agent \u003c= 75cbdfd06b Improper Authentication (CWE-287)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/845598"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://gist.github.com/YLChen-007/d030c690b10a97319efb129ca2f5badb"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-07-03T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-07-03T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-07-03T19:13:04.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "NousResearch hermes-agent Discord Platform Integration discord.py DiscordAdapter._is_allowed_user improper authentication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-14627",
    "datePublished": "2026-07-04T12:45:06.333Z",
    "dateReserved": "2026-07-03T17:07:50.732Z",
    "dateUpdated": "2026-07-06T16:51:32.667Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-14622 (GCVE-0-2026-14622)

Vulnerability from cvelistv5 – Published: 2026-07-04 08:45 – Updated: 2026-07-06 16:22
VLAI
Title
jairiidriss restaurant-website-php-mysql AJAX Endpoint ajax_files missing authentication
Summary
A vulnerability was found in jairiidriss restaurant-website-php-mysql up to 521428b5b612449df0cf4a5d15ee40cba67f3d35. This vulnerability affects unknown code of the file /admin/ajax_files of the component AJAX Endpoint. Performing a manipulation results in missing authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
jairiidriss restaurant-website-php-mysql Affected: 521428b5b612449df0cf4a5d15ee40cba67f3d35
    cpe:2.3:a:jairiidriss:restaurant-website-php-mysql:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Fklov (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-14622",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-06T16:22:42.212289Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-06T16:22:53.722Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:jairiidriss:restaurant-website-php-mysql:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "AJAX Endpoint"
          ],
          "product": "restaurant-website-php-mysql",
          "vendor": "jairiidriss",
          "versions": [
            {
              "status": "affected",
              "version": "521428b5b612449df0cf4a5d15ee40cba67f3d35"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Fklov (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in jairiidriss restaurant-website-php-mysql up to 521428b5b612449df0cf4a5d15ee40cba67f3d35. This vulnerability affects unknown code of the file /admin/ajax_files of the component AJAX Endpoint. Performing a manipulation results in missing authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 7.5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "Missing Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-04T08:45:08.095Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-376138 | jairiidriss restaurant-website-php-mysql AJAX Endpoint ajax_files missing authentication",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/vuln/376138"
        },
        {
          "name": "VDB-376138 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/376138/cti"
        },
        {
          "name": "CVE-2026-14622 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-14622"
        },
        {
          "name": "Submit #845099 | jairiidriss restaurant-website-php-mysql 1.0 jairiidriss Restaurant Website PHP MySQL 1.0 missing authenticat",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/845099"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/jairiidriss/restaurant-website-php-mysql/issues/6"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/jairiidriss/restaurant-website-php-mysql/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-07-03T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-07-03T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-07-03T19:00:31.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "jairiidriss restaurant-website-php-mysql AJAX Endpoint ajax_files missing authentication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-14622",
    "datePublished": "2026-07-04T08:45:08.095Z",
    "dateReserved": "2026-07-03T16:55:27.784Z",
    "dateUpdated": "2026-07-06T16:22:53.722Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Architecture and Design

Strategy: Libraries or Frameworks

Use an authentication framework or library such as the OWASP ESAPI Authentication feature.

CAPEC-114: Authentication Abuse

An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.

CAPEC-115: Authentication Bypass

An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place.

CAPEC-151: Identity Spoofing

Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials.

CAPEC-194: Fake the Source of Data

An adversary takes advantage of improper authentication to provide data or services under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or to assume the rights granted to another individual. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. The root of the attack (in this case the email system) fails to properly authenticate the source and this results in the reader incorrectly performing the instructed action. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.

CAPEC-22: Exploiting Trust in Client

An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.

CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data

This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to obtain sensitive data once SSL is terminated.

CAPEC-593: Session Hijacking

This type of attack involves an adversary that exploits weaknesses in an application's use of sessions in performing authentication. The adversary is able to steal or manipulate an active session and use it to gain unathorized access to the application.

CAPEC-633: Token Impersonation

An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.

CAPEC-650: Upload a Web Shell to a Web Server

By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can have various capabilities, thereby acting as a "gateway" to the underlying web server. The shell might execute at the higher permission level of the web server, providing the ability the execute malicious code at elevated levels.

CAPEC-94: Adversary in the Middle (AiTM)

An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.