CVE-2026-20133

Modified
Published: 25 Feb 2026, 16:13
Last modified:20 Apr 2026, 22:20

Vulnerability Summary

Overall Risk (default)
medium
30/100
CVSS Score
7.5 HIGH
v3.1 (nvd)
EPSS Score
0.07% LOW
0% probability 0.00%
KEV
Listed
CISA
1 listing
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

25 Feb 2026, 16:13
Published
Vulnerability first disclosed
20 Apr 2026, 00:00
Added to CISA KEV
Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
20 Apr 2026, 22:20
Last Modified
Vulnerability information updated
23 Apr 2026, 00:00
CISA Remediation Due
Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

Description

A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system access restrictions. An attacker could exploit this vulnerability by accessing the API of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.

CVSS Metrics

  • v3.1MEDIUMScore: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • v3.1HIGHScore: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Trends

Current EPSS score: 0.07% Percentile: 21%

Techniques & Countermeasures

  • CWE-200Exposure of Sensitive Information to an Unauthorized Actor

    The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Affected Systems

  • UnknownCatalyst SD-WAN Manager

    < 20.9.8.2 | ≥ 20.11, < 20.12.5.3 | ≥ 20.13, < 20.15.4.2 | ≥ 20.16, < 20.18.2.1 | 20.12.6

  • ciscocisco catalyst sd-wan manager

    20.1.12 | 19.2.1 | 18.4.4 | 18.4.5 | 20.1.1.1 | 20.1.1 | 19.3.0 | 19.2.2 | 19.2.099 | 18.3.6 | 18.3.7 | 19.2.0 | 18.3.8 | 19.0.0 | 19.1.0 | 18.4.302 | 18.4.303 | 19.2.097 | 19.2.098 | 17.2.10 | 18.3.6.1 | 19.0.1a | 18.2.0 | 18.4.3 | 18.4.1 | 17.2.8 | 18.3.3.1 | 18.4.0 | 18.3.1 | 17.2.6 | 17.2.9 | 18.3.4 | 17.2.5 | 18.3.1.1 | 18.3.5 | 18.4.0.1 | 18.3.3 | 17.2.7 | 17.2.4 | 18.3.0 | 19.2.3 | 18.4.501_ES | 20.3.1 | 20.1.2 | 19.2.929 | 19.2.31 | 20.3.2 | 19.2.32 | 20.3.2_925 | 20.3.2.1 | 20.3.2.1_927 | 18.4.6 | 20.1.2_937 | 20.4.1 | 20.3.2_928 | 20.3.2_929 | 20.4.1.0.1 | 20.3.2.1_930 | 19.2.4 | 20.5.0.1.1 | 20.4.1.1 | 20.3.3 | 19.2.4.0.1 | 20.3.2_937 | 20.3.3.1 | 20.5.1 | 20.1.3 | 20.3.3.0.4 | 20.3.3.1.2 | 20.3.3.1.1 | 20.4.1.2 | 20.3.3.0.2 | 20.4.1.1.5 | 20.4.1.0.01 | 20.4.1.0.02 | 20.3.3.1.7 | 20.3.3.1.5 | 20.5.1.0.1 | 20.3.3.1.10 | 20.3.3.0.8 | 20.4.2 | 20.4.2.0.1 | 20.3.4 | 20.3.3.0.14 | 19.2.4.0.8 | 19.2.4.0.9 | 20.3.4.0.1 | 20.3.2.0.5 | 20.6.1 | 20.5.1.0.2 | 20.3.3.0.17 | 20.6.1.1 | 20.6.0.18.3 | 20.3.2.0.6 | 20.6.0.18.4 | 20.4.2.0.2 | 20.3.3.0.16 | 20.3.4.0.5 | 20.6.1.0.1 | 20.3.4.0.6 | 20.6.2 | 20.7.1EFT2 | 20.3.4.0.9 | 20.3.4.0.11 | 20.4.2.0.4 | 20.3.3.0.18 | 20.7.1 | 20.6.2.1 | 20.3.4.1 | 20.5.1.1 | 20.4.2.1 | 20.4.2.1.1 | 20.3.4.1.1 | 20.3.813 | 20.3.4.0.19 | 20.4.2.2.1 | 20.5.1.2 | 20.3.4.2 | 20.3.814 | 20.4.2.2 | 20.6.2.2 | 20.3.4.2.1 | 20.7.1.1 | 20.3.4.1.2 | 20.6.2.2.2 | 20.3.4.0.20 | 20.6.2.2.3 | 20.4.2.2.2 | 20.3.5 | 20.6.2.0.4 | 20.4.2.2.3 | 20.3.4.0.24 | 20.6.2.2.7 | 20.6.3 | 20.3.4.2.2 | 20.4.2.2.4 | 20.7.1.0.2 | 20.8.1 | 20.3.5.0.8 | 20.3.5.0.9 | 20.4.2.2.8 | 20.3.5.0.7 | 20.6.3.0.7 | 20.6.3.0.5 | 20.6.3.0.10 | 20.6.3.0.2 | 20.7.2 | 20.9.1EFT2 | 20.6.3.0.11 | 20.6.3.1 | 20.6.3.0.14 | 20.6.4 | 20.9.1 | 20.6.3.0.19 | 20.6.3.0.18 | 20.3.6 | 20.9.1.1 | 20.6.3.0.23 | 20.6.4.0.4 | 20.6.3.0.25 | 20.6.5 | 20.6.3.0.27 | 20.9.2 | 20.9.2.1 | 20.6.3.0.29 | 20.6.3.0.31 | 20.6.3.0.32 | 20.10.1 | 20.6.3.0.33 | 20.9.2.0.01 | 20.9.1_LI_Images | 20.10.1_LI_Images | 20.9.2_LI_Images | 20.3.7 | 20.9.3 | 20.6.5.1 | 20.11.1_LI_Images | 20.9.3_LI_ Images | 20.6.3.1.1 | 20.9.3.0.2 | 20.6.5.1.2 | 20.9.3.0.3 | 20.4.2.3 | 20.6.3.2 | 20.6.4.1 | 20.6.3.0.38 | 20.6.3.0.39 | 20.3.5.1 | 20.3.4.3 | 20.9.3.1 | 20.3.3.2 | 20.6.5.2 | 20.3.7.1 | 20.10.1.1 | 20.6.5.2.1 | 20.3.4.0.25 | 20.6.2.2.4 | 20.6.1.2 | 20.11.1.1 | 20.9.3.0.5 | 20.3.4.0.26 | 20.6.5.1.3 | 20.6.3.0.40 | 20.1.3.1 | 20.9.2.2 | 20.6.5.2.3 | 20.6.5.1.4 | 20.6.5.3 | 20.6.3.0.41 | 20.9.3.0.7 | 20.6.5.1.5 | 20.9.3.0.4 | 20.6.4.0.19 | 20.6.5.1.6 | 20.9.3.0.8 | 20.6.3.3 | 20.3.7.2 | 20.6.5.4 | 20.6.5.1.7 | 20.9.3.0.12 | 20.6.4.2 | 20.6.5.5 | 20.9.3.2 | 20.11.1.2 | 20.6.3.4 | 20.10.1.2 | 20.6.5.1.9 | 20.9.3.0.16 | 20.6.3.0.45 | 20.6.5.1.10 | 20.9.3.0.17 | 20.6.5.2.4 | 20.6.4.0.21 | 20.9.3.0.18 | 20.6.3.0.46 | 20.6.3.0.47 | 20.9.2.3 | 20.9.3.2_LI_Images | 20.9.3.0.21 | 20.9.3.0.20 | 20.9.4_LI_Images | 20.9.4 | 20.6.5.1.11 | 20.12.1 | 20.12.1_LI_Images | 20.6.5.1.13 | 20.9.3.0.23 | 20.6.5.2.8 | 20.9.4.1 | 20.9.4.1_LI_Images | 20.9.3.0.25 | 20.9.3.0.24 | 20.6.5.1.14 | 20.3.8 | 20.6.6 | 20.9.3.0.26 | 20.6.3.0.51 | 20.9.3.0.29 | 20.12.2 | 20.12.2_LI_Images | 20.6.6.0.1 | 20.13.1_LI_Images | 20.9.4.0.4 | 20.9.4.1.1 | 20.9.5 | 20.9.5_LI_Images | 20.12.3_LI_Images | 20.12.3 | 20.9.4.1.3 | 20.6.7 | 20.9.5.1 | 20.9.5.1_LI_Images | 20.9.4.1.6 | 20.14.1 | 20.14.1_LI_Images | 20.9.5.2 | 20.9.5.2.1 | 20.9.5.2_LI_Images | 20.12.3.1 | 20.12.4 | 20.15.1_LI_Images | 20.15.1 | 20.9.5.1.4 | 20.9.5.2.7 | 20.9.5.2.13 | 20.9.6 | 20.9.6_LI_Images | 20.9.5.2.14 | 20.6.8 | 20.12.4.0.03 | 20.16.1 | 20.16.1_LI_Images | 20.12.4_LI_Images | 20.9.5.2.16 | 20.12.4.0.4 | 20.12.401 | 20.9.5.3 | 20.9.5.3_LI_Images | 20.12.4.1_LI_Images | 20.12.4.1 | 20.9.5.2.21 | 20.9.6.0.3 | 20.12.4.0.6 | 20.15.2_LI_Images | 20.15.2 | 20.12.4_Monthly_ES5 | 20.12.5 | 20.12.5_LI_Images | 20.9.7_LI _Images | 20.9.7 | 20.15.3 | 20.15.3_ LI _Images | 20.12.501 | 20.12.5.1_LI_Images | 20.12.5.1 | 20.12.5.2_LI_Images | 20.12.5.2 | 20.15.3.1 | 20.15.4_LI_Images | 20.15.4 | 20.9.7.1_LI _Images | 20.9.7.1 | 20.18.1 | 20.18.1_LI_Images | 20.12.6_LI_Images | 20.12.6 | 20.12.5.1.01 | 20.9.8 | 20.9.8_LI_Images | 20.18.2 | 20.15.4.1_LI_Images | 20.15.4.1 | 20.18.2_LI_Images

References (2)