Cisco Catalyst SD-WAN Manager allows unauthorized access to sensitive system info

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.5

Cisco Catalyst SD-WAN Manager allows unauthorized access to sensitive system info

CVE-2026-20133

Summary

An attacker can access sensitive information on a Cisco SD-WAN Manager system without logging in. This is because the system doesn't properly restrict access to its files. To protect your system, ensure that you have the latest software updates installed and consider implementing additional security measures to control access to sensitive information.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
cisco	catalyst_sd-wan_manager	<= 20.9.8.2	–
cisco	catalyst_sd-wan_manager	> 20.11 , <= 20.12.5.3	–
cisco	catalyst_sd-wan_manager	> 20.13 , <= 20.15.4.2	–
cisco	catalyst_sd-wan_manager	> 20.16 , <= 20.18.2.1	–
cisco	catalyst_sd-wan_manager	20.12.6	–

Original title

A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient fi...

Original description

A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected system.

This vulnerability is due to insufficient file system access restrictions. An attacker could exploit this vulnerability by accessing the API of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.

nvd CVSS3.1 7.5

Vulnerability type

CWE-200 Information Exposure

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ci... Vendor Advisory

Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026