CVE-2026-20133 is an information disclosure vulnerability in Cisco Catalyst SD-WAN Manager that allows unauthenticated, remote attackers to view sensitive information by accessing the API. SD-WAN Manager is typically deployed as an internet-facing centralized management platform.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: DIRECT_NETWORK
CVE Published: 2026-02-25
Added to CISA KEV: 2026-04-20 54 DAYS BETWEEN CVE AND KEV
The vulnerability is not listed in CISA’s Known Exploited Vulnerabilities catalog. The likely attack vector is remote, via the exposed API, and the impact is limited to information disclosure; there is no evidence of code execution, privilege escalation, or denial of service. Generated by OpenCVE AI on April 16, 2026 at 06:07 UTC.
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.How to use the KEV ...
CVE-2026-20133 is an information disclosure vulnerability in Cisco Catalyst SD-WAN Manager allowing unauthenticated attackers to view sensitive system data. This article covers technical details, affected versions, and mitigation.
A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected ...
CVE-2026-20133: Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability. Continuing the Cisco theme, VulnCheck's exploits index does not currently list a public exploit for CVE-2026-20133.The team developed an exploit that allows remote attackers to forge authentication tokens. The team also provided a vulnerable Docker container and PCAPs.