CVE-2026-20133

MEDIUM

Cisco Catalyst SD-WAN Manager - Info Disclosure

Title source: llm

Description

A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system access restrictions. An attacker could exploit this vulnerability by accessing the API of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.

References (1)

[Vendor Advisory] https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v

Scores

CVSS v3 6.5

EPSS 0.0005

EPSS Percentile 14.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status published

Affected Products (2)

cisco/catalyst_sd-wan_manager < 20.9.8.2

cisco/catalyst_sd-wan_manager

Timeline

Published Feb 25, 2026

Tracked Since Feb 26, 2026