CVE-2026-20133
MEDIUM KEVCisco Catalyst SD-WAN Manager - Info Disclosure
Title source: llmDescription
A vulnerability in Cisco Catalyst SD-WAN Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.
Scores
CVSS v3
6.5
EPSS
0.0120
EPSS Percentile
78.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CISA KEV
2026-04-20
VulnCheck KEV
2026-04-20
ENISA EUVD
EUVD-2026-8678
CWE
CWE-200
Status
published
Products (50)
cisco/catalyst_sd-wan_manager
20.12.6
cisco/catalyst_sd-wan_manager
< 20.9.8.2
Cisco/Cisco Catalyst SD-WAN Manager
17.2.10
Cisco/Cisco Catalyst SD-WAN Manager
17.2.4
Cisco/Cisco Catalyst SD-WAN Manager
17.2.5
Cisco/Cisco Catalyst SD-WAN Manager
17.2.6
Cisco/Cisco Catalyst SD-WAN Manager
17.2.7
Cisco/Cisco Catalyst SD-WAN Manager
17.2.8
Cisco/Cisco Catalyst SD-WAN Manager
17.2.9
Cisco/Cisco Catalyst SD-WAN Manager
18.2.0
... and 40 more
Published
Feb 25, 2026
KEV Added
Apr 20, 2026
Tracked Since
Feb 26, 2026