CVE-2026-20133
Received Received - Intake
Unauthorized File Access in Cisco Catalyst SD-WAN Manager API

Publication date: 2026-02-25

Last updated on: 2026-04-22

Assigner: Cisco Systems, Inc.

Description
A vulnerability in Cisco Catalyst SD-WAN Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-25
Last Modified
2026-04-22
Generated
2026-05-07
AI Q&A
2026-02-25
EPSS Evaluated
2026-05-05
NVD
CVE-2026-20133
EUVD
EUVD-2026-8678
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
cisco catalyst_sd-wan_manager to 20.9.8.2 (exc)
cisco catalyst_sd-wan_manager From 20.13 (inc) to 20.15.4.2 (exc)
cisco catalyst_sd-wan_manager From 20.16 (inc) to 20.18.2.1 (exc)
cisco catalyst_sd-wan_manager 20.12.6
cisco catalyst_sd-wan_manager From 20.10 (inc) to 20.12.5.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in Cisco Catalyst SD-WAN Manager and allows an unauthenticated, remote attacker to view sensitive information on the affected system.

It is caused by insufficient file system access restrictions, which means the attacker can exploit the system by accessing its API.

If successfully exploited, the attacker could read sensitive information stored on the underlying operating system.


How can this vulnerability impact me? :

The impact of this vulnerability is that an attacker could gain unauthorized access to sensitive information on your system.

Since the attacker can read sensitive data without authentication, this could lead to information disclosure and potential misuse of that information.

However, the vulnerability does not allow the attacker to modify or disrupt the system's integrity or availability.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart