cbcvebase.
CVE-2026-20133
published 2026-02-25

CVE-2026-20133: A vulnerability in Cisco Catalyst SD-WAN Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This…

high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
KEV
CISA Known Exploited Vulnerabilitydue 2026-04-23
A vulnerability in Cisco Catalyst SD-WAN Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.

Affected

167 ranges· showing 25
VendorProductVersion rangeFixed in
ciscocatalyst_sd-wan
ciscocatalyst_sd-wan_manager< 20.9.8.220.9.8.2
ciscocatalyst_sd-wan_manager
ciscocatalyst_sd-wan_manager>= 20.10 < 20.12.5.320.12.5.3
ciscocatalyst_sd-wan_manager>= 20.13 < 20.15.4.220.15.4.2
ciscocatalyst_sd-wan_manager>= 20.16 < 20.18.2.120.18.2.1
ciscocisco_catalyst_sd-wan_manager
ciscocisco_catalyst_sd-wan_manager
ciscocisco_catalyst_sd-wan_manager
ciscocisco_catalyst_sd-wan_manager
ciscocisco_catalyst_sd-wan_manager
ciscocisco_catalyst_sd-wan_manager
ciscocisco_catalyst_sd-wan_manager
ciscocisco_catalyst_sd-wan_manager
ciscocisco_catalyst_sd-wan_manager
ciscocisco_catalyst_sd-wan_manager
ciscocisco_catalyst_sd-wan_manager
ciscocisco_catalyst_sd-wan_manager
ciscocisco_catalyst_sd-wan_manager
ciscocisco_catalyst_sd-wan_manager
ciscocisco_catalyst_sd-wan_manager
ciscocisco_catalyst_sd-wan_manager
ciscocisco_catalyst_sd-wan_manager
ciscocisco_catalyst_sd-wan_manager
ciscocisco_catalyst_sd-wan_manager

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vulncheck7.5HIGH
cisa7.5HIGH