CRITICAL: CVE-2026-20128 affecting Cisco Catalyst SD-WAN Manager represents a privilege escalation vector. The vulnerability permits authenticated local threat actors with low-privilege account access to recover plaintext or weakly encrypted credentials stored in accessible filesystem locations, enabling lateral movement to DCA administrative accounts. Affected deployments lack proper credential protection mechanisms at rest. CISA KEV confirmation indicates active exploitation likelihood; immediate patching of affected Catalyst SD-WAN Manager instances is required across network perimeters.