CRITICAL: CVE-2026-20122 affects Cisco Catalyst SD-WAN Manager through improper API file handling mechanisms, permitting arbitrary file overwrites and privilege escalation to vmanage account status via malicious file upload vectors on the local filesystem. Exploitation requires direct access to the affected system's API interface; successful compromise enables lateral movement within SD-WAN infrastructure and potential persistence through privileged account manipulation. CISA has flagged this vulnerability as actively exploited in the wild as of the reporting period. Patching should be prioritized for all edge instances and management appliances operating in critical network segments.