CVE-2026-20122 affects Cisco Catalyst SD-WAN Manager and permits arbitrary file overwrites through improper API validation on the file handling interface, enabling privilege escalation to vmanage user level via malicious file upload. The vulnerability stems from inadequate permission checks on privileged API calls, allowing an unauthenticated or low-privilege threat actor to manipulate the local file system on affected SD-WAN infrastructure. Exploitation of this vector could compromise network management capabilities across enterprise SD-WAN deployments relying on Catalyst platforms.