CVE-2026-20108
Cross-Site Scripting in Cisco Catalyst SD-WAN Manager
Publication date: 2026-03-25
Last updated on: 2026-03-25
Assigner: Cisco Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | catalyst_sd-wan_manager | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows an attacker to execute arbitrary script code or access sensitive browser-based information by exploiting insufficient input validation in the web-based management interface of Cisco Catalyst SD-WAN Manager.
Such unauthorized access to sensitive information could potentially lead to non-compliance with data protection regulations like GDPR or HIPAA, which require safeguarding personal and sensitive data against unauthorized access or disclosure.
However, the provided information does not explicitly state the direct impact on compliance with these standards or regulations.
Can you explain this vulnerability to me?
This vulnerability exists in the web-based management interface of Cisco Catalyst SD-WAN Manager. It is a cross-site scripting (XSS) vulnerability that can be exploited by an authenticated, remote attacker. The root cause is insufficient validation of user input. An attacker can exploit this by convincing a user of the interface to click on a specially crafted link, which then allows the attacker to execute arbitrary script code within the context of the affected interface or access sensitive information stored in the browser.
How can this vulnerability impact me? :
The impact of this vulnerability includes the potential execution of arbitrary scripts in the context of the web-based management interface. This could lead to unauthorized access to sensitive browser-based information, such as session tokens or user data. It may also allow attackers to perform actions on behalf of the user within the interface, potentially compromising the security and integrity of the affected device's management.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a cross-site scripting (XSS) issue in the web-based management interface of Cisco Catalyst SD-WAN Manager that requires an authenticated user to click a crafted link. Detection involves verifying if the affected software versions are in use and monitoring for suspicious crafted link usage or unexpected script execution in the interface.
There are no specific detection commands or automated detection tools mentioned in the provided resources. Detection primarily relies on identifying the affected software versions and monitoring user activity for exploitation attempts.
What immediate steps should I take to mitigate this vulnerability?
Cisco strongly recommends upgrading to fixed software releases to remediate this vulnerability, as there are no available workarounds.
- Upgrade Cisco Catalyst SD-WAN Manager to one of the fixed releases: 20.12.5.3, 20.12.6.1, 20.15.4.2, 20.15.5, or 20.18.2.1.
- For versions 20.13, 20.14, and 20.16, migrate to a fixed release as these require migration rather than patching.
Verify device compatibility before upgrading and obtain fixed software through authorized Cisco channels.