🔴 CVE-2026-20133

CVE-2026-20133 is an information disclosure vulnerability in Cisco Catalyst SD-WAN Manager that allows unauthenticated, remote attackers to view sensitive information by accessing the API. SD-WAN Manager is typically deployed as an internet-facing centralized management platform.

← Back to Overview
HIGH_RISK
Risk Level
6.5
CVSS Score
NETWORK
Attack Vector
Initial Access
ATT&CK Tactic
T1190 — Exploit Public-Facing Application
ATT&CK Technique
HIGH
Deployment Risk
No
Ransomware

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2026-02-25

Added to CISA KEV: 2026-04-20 54 DAYS BETWEEN CVE AND KEV

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-04-20)

CVE-2026-20133 is an information disclosure vulnerability affecting Cisco Catalyst SD-WAN Manager [3][4]. It allows unauthenticated, remote attackers to view sensitive system data [3][4].

Here's a breakdown of what is known about its exploitation:

  • Internet-facing applications or services: The vulnerability is present in Cisco Catalyst SD-WAN Manager, which is likely to be internet-facing or accessible within a network infrastructure.
  • Evidence of active exploitation in the wild: There is no explicit mention in the provided search results of CVE-2026-20133 being actively exploited in the wild. However, CISA's Known Exploited Vulnerabilities (KEV) catalog is based on evidence of active exploitation [2][6].
  • Attack vectors and exploitation methods: The likely attack vector is remote, via the exposed API [1]. The vulnerability stems from insufficient file system access restrictions [7][8]. One research team developed an exploit that allows remote attackers to forge authentication tokens [5].
  • Targeted attacks: There is no specific information indicating whether CVE-2026-20133 has been used in targeted attacks.
  • CISA Known Exploited Vulnerabilities status: As of the provided information, CVE-2026-20133 is not listed in CISA’s Known Exploited Vulnerabilities catalog [1].
  • Technical details about internet exploitability: The vulnerability allows an unauthenticated, remote attacker to view sensitive information [3][4]. The impact is limited to information disclosure, with no evidence of code execution, privilege escalation, or denial of service [1].

Sources

  1. CVE-2026-20133 - Vulnerability Details - OpenCVE

    The vulnerability is not listed in CISA’s Known Exploited Vulnerabilities catalog. The likely attack vector is remote, via the exposed API, and the impact is limited to information disclosure; there is no evidence of code execution, privilege escalation, or denial of service. Generated by OpenCVE AI…

  2. Known Exploited Vulnerabilities Catalog - CISA

    For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catal…

  3. CVE-2026-20133: Cisco SD-WAN Manager Info Disclosure Flaw

    CVE-2026-20133 is an information disclosure vulnerability in Cisco Catalyst SD-WAN Manager allowing unauthenticated attackers to view sensitive system data. This article covers technical details, affected versions, and mitigation.

  4. CVE-2026-20133 - NVD

    A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected ...

  5. So so so much Cisco - Initial Access

    CVE-2026-20133: Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability. Continuing the Cisco theme, VulnCheck's exploits index does not currently list a public exploit for CVE-2026-20133.The team developed an exploit that allows remote attackers to forge authentication tokens. The team a…

Generated by PatchNow Intelligence System

Analysis based on CIRCL.LU data, Claude AI assessment, and MITRE ATT&CK framework

📄 Download JSON Data | 📡 RSS Feed