Cisco Discloses XSS in Catalyst SD-WAN Manager and SSRF in Nexus Dashboard
Cisco published security advisories for two enterprise management platforms: a cross-site scripting (XSS) flaw in Cisco Catalyst SD-WAN Manager and a server-side request forgery (SSRF) flaw affecting Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights. The issues affect products used to centrally manage networking infrastructure, raising the risk that attackers could target administrative interfaces and backend request handling in high-value environments.
The advisories identify separate web-application security weaknesses in Cisco's network management stack, with one issue tied to malicious script execution in the SD-WAN management interface and the other to unauthorized server-side requests from Nexus Dashboard components. Organizations using these platforms should review Cisco's product advisories, determine affected deployments, and prioritize remediation or mitigations for exposed management systems.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Cisco discloses Nexus Dashboard Insights arbitrary file write vulnerability
Cisco published a security advisory for an arbitrary file write vulnerability affecting Cisco Nexus Dashboard Insights. No additional technical details or remediation timeline are provided in the reference content.
Cisco discloses Nexus Dashboard SSRF vulnerability
Cisco published a security advisory for a server-side request forgery vulnerability affecting Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights. No further event details are included in the reference content.
Cisco discloses Catalyst SD-WAN Manager XSS vulnerability
Cisco published a security advisory for a cross-site scripting vulnerability affecting Cisco Catalyst SD-WAN Manager. No additional technical details or remediation timeline are provided in the reference content.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
4 references tracked. Mallory keeps watching after this page renders.
Cisco Nexus Dashboard Insights Arbitrary File Write Vulnerability
sec.cloudapps.cisco.com
Open sourceCisco Nexus Dashboard and Nexus Dashboard Insights Server-Side Request Forgery Vulnerability
sec.cloudapps.cisco.com
Open sourceCisco Integrated Management Controller Authentication Bypass Vulnerability
sec.cloudapps.cisco.com
Open sourceCisco Catalyst SD-WAN Manager Cross-Site Scripting Vulnerability
sec.cloudapps.cisco.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Cisco Catalyst SD-WAN Manager Flaws Expose XSS and Multiple Vulnerabilities
dCERT issued advisories for **Cisco Catalyst SD-WAN Manager** and the **SD-WAN Controller**, warning of multiple security flaws affecting core SD-WAN management components. One advisory covers several vulnerabilities across the management platform and controller, indicating broader exposure in systems used to administer and orchestrate enterprise SD-WAN environments. A separate dCERT advisory identifies a **cross-site scripting (XSS)** vulnerability in Cisco Catalyst SD-WAN Manager, highlighting the risk that attackers could inject malicious script into the web-based management interface. Together, the notices point to security weaknesses in Cisco SD-WAN administrative infrastructure that could affect the confidentiality and integrity of management sessions and require prompt review and remediation by defenders.
Apr 21, 2026
Cisco Patches Unauthorized Access and Authentication Bypass Flaws
Cisco disclosed two security vulnerabilities affecting enterprise products: an **unauthorized access flaw** in the **Cisco Nexus Dashboard Configuration Backup REST API** and an **authentication bypass flaw** in **Cisco Secure Web Appliance**. The Nexus Dashboard issue could expose backup-related functionality through the REST API without proper access controls, while the Secure Web Appliance flaw could allow an attacker to bypass authentication protections and gain access to affected systems. The advisories indicate separate weaknesses in Cisco infrastructure and security platforms that could undermine administrative boundaries and trusted access if left unpatched. Organizations using **Cisco Nexus Dashboard** or **Cisco Secure Web Appliance** should review Cisco's product advisories, identify affected deployments, and prioritize remediation to prevent unauthorized access to management or security enforcement functions.
Apr 15, 2026
Actively Exploited Critical Vulnerabilities in Cisco Secure Firewall and Catalyst SD-WAN Manager
Belgium’s CCB (Safeonweb) warned of **multiple critical vulnerabilities** across several **Cisco** products—specifically calling out **Cisco Secure Firewall** (including *Adaptive Security Appliance (ASA)*, *Firepower Management Center (FMC)*, and *Firepower Threat Defense (FTD)*) and **Cisco Catalyst SD-WAN Manager**—and stated that **some vulnerabilities are being actively exploited**, urging immediate patching. The advisory lists a broad set of weakness classes including **authentication bypass** (`CWE-288`/`CWE-287`), **deserialization of untrusted data** (`CWE-502`), **buffer overflow** (`CWE-120`), **SQL injection** (`CWE-89`), and **sensitive information exposure** (`CWE-200`), and highlights multiple CVEs including **CVE-2026-20079** and **CVE-2026-20131** with **CVSS 10.0**. A separate advisory from the Center for Internet Security (CIS) also reported **multiple vulnerabilities in Cisco products** that could enable **remote code execution**, enumerating a large set of related CVEs (including **CVE-2026-20001**, **CVE-2026-20002**, **CVE-2026-20003**, and **CVE-2026-20039**). Taken together, the advisories indicate a high-risk patching priority for organizations running affected Cisco network/security management and firewall platforms, particularly where internet exposure or untrusted management-plane access could make exploitation more likely.
Mar 21, 2026