CVE-2026-20133
Received - Intake
Unauthorized File Access in Cisco Catalyst SD-WAN Manager API

Publication date: 2026-02-25

Last updated on: 2026-04-22

Assigner: Cisco Systems, Inc.

Description
A vulnerability in Cisco Catalyst SD-WAN Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.
Meta Information

Published: 2026-02-25
Last Modified: 2026-04-22
Generated: 2026-06-16
AI Q&A: 2026-02-25
EPSS Evaluated: 2026-06-14

Affected Vendors & Products
Showing 5 associated CPEs

Vendor   Product                  Version / Range
cisco    catalyst_sd-wan_manager  to 20.9.8.2 (exc)
cisco    catalyst_sd-wan_manager  From 20.13 (inc) to 20.15.4.2 (exc)
cisco    catalyst_sd-wan_manager  From 20.16 (inc) to 20.18.2.1 (exc)
cisco    catalyst_sd-wan_manager  20.12.6
cisco    catalyst_sd-wan_manager  From 20.10 (inc) to 20.12.5.3 (exc)

CWE ID   Description
CWE-200  The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Executive Summary

This vulnerability exists in Cisco Catalyst SD-WAN Manager and allows an unauthenticated, remote attacker to view sensitive information on the affected system.

It is caused by insufficient file system access restrictions. An attacker can exploit it by accessing the system's API.

If successfully exploited, the attacker could read sensitive information stored on the underlying operating system.

Impact Analysis

The impact of this vulnerability is that an attacker could gain unauthorized access to sensitive information on your system.

Since the attacker can read sensitive data without authentication, this could lead to information disclosure and potential misuse of that information.

However, the vulnerability does not allow the attacker to modify or disrupt the system's integrity or availability.
