CVE-2026-20133 MEDIUM

CVE-2026-20133

Vendor Cisco
Product Cisco Catalyst SD-WAN Manager
Weakness CWE-200 · Info exposure
KEV Status Known Exploited
Published February 25, 2026
Last update April 22, 2026
View on NVD All CVEs

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A vulnerability in Cisco Catalyst SD-WAN Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.

CISA mandated remediation

02CISA Required Action

Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

Key dates

03Disclosure timeline

February 25, 2026 CVE published
April 22, 2026 Record updated

Related vulnerabilities

05Related CVE

CVE-2026-33422 Discourse exposes ip_address of flagged user CVE-2025-24363 The HL7 FHIR IG publisher may potentially expose GitHub repo user and credential information CVE-2024-32967 Zitadel exposes internal database user name and host information CVE-2024-47779 Element Web vulnerable to potential exposure of access token via authenticated media CVE-2025-4593 WP Register Profile With Shortcode <= 3.6.2 - Authenticated (Contributor+) Sensitive Information Exposure