CVE-2026-20133

CWE-200Information ExposureCWE-257CWE-287Improper AuthenticationCWE-6485 documents5 sources
Severity
7.5HIGH
EPSS
0.1%
top 79.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Catalyst Sd-wan ManagerCisco Cisco Catalyst Sd-wan Manager
Timeline
PublishedFeb 25
Latest updateFeb 26

Description

A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system access restrictions. An attacker could exploit this vulnerability by accessing the API of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDcisco/catalyst_sd-wan_manager20.1120.12.5.3+4
CVEListV5cisco/cisco_catalyst_sd-wan_manager335 versions+334

🔴Vulnerability Details

2
GHSA
GHSA-cf88-f64q-c626: A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected system2026-02-25
CVEList
Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability2026-02-25

📋Vendor Advisories

1
Cisco
Cisco Catalyst SD-WAN Vulnerabilities2026-02-26

🕵️Threat Intelligence

1
Wiz
CVE-2026-20133 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-20133 (HIGH CVSS 7.5) | A vulnerability in Cisco Catalyst S | cvebase.io