Description
A vulnerability in Cisco Catalyst SD-WAN Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system.

This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.
Published: 2026-02-25
Score: 6.5 Medium
EPSS: 1.4% Low
KEV: Yes
Impact: Information Disclosure
Action: Apply Patch
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
Title Information Disclosure via File System Restrictions in Cisco Catalyst SD-WAN Manager

Wed, 22 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Title Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability

Wed, 22 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
Description A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system access restrictions. An attacker could exploit this vulnerability by accessing the API of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system. A vulnerability in Cisco Catalyst SD-WAN Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.

Mon, 20 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 20 Apr 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2026-04-20T00:00:00+00:00', 'dueDate': '2026-04-23T00:00:00+00:00'}

Wed, 04 Mar 2026 21:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.12.6:*:*:*:*:*:*:*

Fri, 27 Feb 2026 05:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 26 Feb 2026 13:30:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco catalyst Sd-wan Manager
Vendors & Products Cisco
Cisco catalyst Sd-wan Manager

Wed, 25 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Description A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system access restrictions. An attacker could exploit this vulnerability by accessing the API of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.
Title Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability
Weaknesses CWE-200
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Cisco Catalyst Sd-wan Manager
cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-04-22T15:31:56.704Z

Reserved: 2025-10-08T11:59:15.380Z

Link: CVE-2026-20133

cve-icon Vulnrichment

Updated: 2026-02-25T18:17:58.540Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-25T17:25:30.983

Modified: 2026-04-22T16:56:21.973

Link: CVE-2026-20133

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T09:30:26Z

Weaknesses