CVE-2026-20108 MEDIUM

CVE-2026-20108

Vendor Cisco
Product Cisco Catalyst SD-WAN Manager
Weakness CWE-79 · XSS
Published March 25, 2026
Last update March 27, 2026
View on NVD All CVEs

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Key dates

02Disclosure timeline

March 25, 2026 CVE published
March 27, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-39382 WordPress ACF: Google Font Selector plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability CVE-2025-46734 league/commonmark Cross-site Scripting vulnerability in Attributes extension CVE-2025-62184 Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. CVE-2024-12520 Dominion – Domain Checker for WPBakery <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-68163