{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2026-20133", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2025-10-08T11:59:15.380Z", "datePublished": "2026-02-25T16:13:56.017Z", "dateUpdated": "2026-04-22T15:31:56.704Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2026-04-22T15:31:56.704Z" }, "descriptions": [ { "lang": "en", "value": "A vulnerability in Cisco Catalyst SD-WAN Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system.\r\n\r This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system." } ], "affected": [ { "vendor": "Cisco", "product": "Cisco Catalyst SD-WAN Manager", "versions": [ { "version": "17.2.6", "status": "affected" }, { "version": "17.2.7", "status": "affected" }, { "version": "17.2.8", "status": "affected" }, { "version": "17.2.9", "status": "affected" }, { "version": "17.2.10", "status": "affected" }, { "version": "17.2.4", "status": "affected" }, { "version": "17.2.5", "status": "affected" }, { "version": "18.3.1.1", "status": "affected" }, { "version": "18.3.3.1", "status": "affected" }, { "version": "18.3.3", "status": "affected" }, { "version": "18.3.4", "status": "affected" }, { "version": "18.3.5", "status": "affected" }, { "version": "18.3.7", "status": "affected" }, { "version": "18.3.8", "status": "affected" }, { "version": "18.3.6.1", "status": "affected" }, { "version": "18.3.1", "status": "affected" }, { "version": "18.3.0", "status": "affected" }, { "version": "18.4.0.1", "status": "affected" }, { "version": "18.4.3", "status": "affected" }, { "version": "18.4.302", "status": "affected" }, { "version": "18.4.303", "status": "affected" }, { "version": "18.4.4", "status": "affected" }, { "version": "18.4.5", "status": "affected" }, { "version": "18.4.0", "status": "affected" }, { "version": "18.4.1", "status": "affected" }, { "version": "18.4.6", "status": "affected" }, { "version": "19.2.0", "status": "affected" }, { "version": "19.2.097", "status": "affected" }, { "version": "19.2.099", "status": "affected" }, { "version": "19.2.1", "status": "affected" }, { "version": "19.2.2", "status": "affected" }, { "version": "19.2.3", "status": "affected" }, { "version": "19.2.31", "status": "affected" }, { "version": "19.2.929", "status": "affected" }, { "version": "19.2.4", "status": "affected" }, { "version": "20.1.1.1", "status": "affected" }, { "version": "20.1.12", "status": "affected" }, { "version": "20.1.1", "status": "affected" }, { "version": "20.1.2", "status": "affected" }, { "version": "20.1.3", "status": "affected" }, { "version": "19.3.0", "status": "affected" }, { "version": "19.1.0", "status": "affected" }, { "version": "18.2.0", "status": "affected" }, { "version": "20.3.1", "status": "affected" }, { "version": "20.3.2", "status": "affected" }, { "version": "20.3.2.1", "status": "affected" }, { "version": "20.3.3", "status": "affected" }, { "version": "20.3.3.1", "status": "affected" }, { "version": "20.3.4", "status": "affected" }, { "version": "20.3.4.1", "status": "affected" }, { "version": "20.3.4.2", "status": "affected" }, { "version": "20.3.5", "status": "affected" }, { "version": "20.3.6", "status": "affected" }, { "version": "20.3.7", "status": "affected" }, { "version": "20.3.7.1", "status": "affected" }, { "version": "20.3.4.3", "status": "affected" }, { "version": "20.3.5.1", "status": "affected" }, { "version": "20.3.7.2", "status": "affected" }, { "version": "20.3.8", "status": "affected" }, { "version": "20.4.1", "status": "affected" }, { "version": "20.4.1.1", "status": "affected" }, { "version": "20.4.1.2", "status": "affected" }, { "version": "20.4.2", "status": "affected" }, { "version": "20.4.2.2", "status": "affected" }, { "version": "20.4.2.1", "status": "affected" }, { "version": "20.4.2.3", "status": "affected" }, { "version": "20.5.1", "status": "affected" }, { "version": "20.5.1.2", "status": "affected" }, { "version": "20.5.1.1", "status": "affected" }, { "version": "20.6.1", "status": "affected" }, { "version": "20.6.1.1", "status": "affected" }, { "version": "20.6.2.1", "status": "affected" }, { "version": "20.6.2.2", "status": "affected" }, { "version": "20.6.2", "status": "affected" }, { "version": "20.6.3", "status": "affected" }, { "version": "20.6.3.1", "status": "affected" }, { "version": "20.6.4", "status": "affected" }, { "version": "20.6.5", "status": "affected" }, { "version": "20.6.5.1", "status": "affected" }, { "version": "20.6.5.3", "status": "affected" }, { "version": "20.6.1.2", "status": "affected" }, { "version": "20.6.3.2", "status": "affected" }, { "version": "20.6.4.1", "status": "affected" }, { "version": "20.6.5.2", "status": "affected" }, { "version": "20.6.5.4", "status": "affected" }, { "version": "20.6.3.3", "status": "affected" }, { "version": "20.6.4.2", "status": "affected" }, { "version": "20.6.3.0.45", "status": "affected" }, { "version": "20.6.3.0.46", "status": "affected" }, { "version": "20.6.3.0.47", "status": "affected" }, { "version": "20.6.3.4", "status": "affected" }, { "version": "20.6.4.0.21", "status": "affected" }, { "version": "20.6.5.1.10", "status": "affected" }, { "version": "20.6.5.1.11", "status": "affected" }, { "version": "20.6.5.1.7", "status": "affected" }, { "version": "20.6.5.1.9", "status": "affected" }, { "version": "20.6.5.2.4", "status": "affected" }, { "version": "20.6.5.5", "status": "affected" }, { "version": "20.6.5.2.8", "status": "affected" }, { "version": "20.6.5.1.13", "status": "affected" }, { "version": "20.6.6", "status": "affected" }, { "version": "20.6.7", "status": "affected" }, { "version": "20.6.8", "status": "affected" }, { "version": "20.7.1", "status": "affected" }, { "version": "20.7.1.1", "status": "affected" }, { "version": "20.7.2", "status": "affected" }, { "version": "20.8.1", "status": "affected" }, { "version": "20.9.1", "status": "affected" }, { "version": "20.9.2", "status": "affected" }, { "version": "20.9.2.1", "status": "affected" }, { "version": "20.9.3", "status": "affected" }, { "version": "20.9.3.1", "status": "affected" }, { "version": "20.9.2.3", "status": "affected" }, { "version": "20.9.3.0.12", "status": "affected" }, { "version": "20.9.3.0.16", "status": "affected" }, { "version": "20.9.3.0.17", "status": "affected" }, { "version": "20.9.3.0.18", "status": "affected" }, { "version": "20.9.3.0.20", "status": "affected" }, { "version": "20.9.3.0.21", "status": "affected" }, { "version": "20.9.3.2", "status": "affected" }, { "version": "20.9.3.2_LI_Images", "status": "affected" }, { "version": "20.9.4", "status": "affected" }, { "version": "20.9.4_LI_Images", "status": "affected" }, { "version": "20.9.3.0.23", "status": "affected" }, { "version": "20.9.4.1", "status": "affected" }, { "version": "20.9.5", "status": "affected" }, { "version": "20.9.5.1", "status": "affected" }, { "version": "20.9.5.2", "status": "affected" }, { "version": "20.9.6", "status": "affected" }, { "version": "20.9.5.3", "status": "affected" }, { "version": "20.9.7", "status": "affected" }, { "version": "20.9.7.1", "status": "affected" }, { "version": "20.9.8", "status": "affected" }, { "version": "20.10.1", "status": "affected" }, { "version": "20.10.1.1", "status": "affected" }, { "version": "20.10.1.2", "status": "affected" }, { "version": "20.11.1", "status": "affected" }, { "version": "20.11.1.1", "status": "affected" }, { "version": "20.11.1.2", "status": "affected" }, { "version": "20.12.1", "status": "affected" }, { "version": "20.12.1_LI_Images", "status": "affected" }, { "version": "20.12.2", "status": "affected" }, { "version": "20.12.3", "status": "affected" }, { "version": "20.12.3.1", "status": "affected" }, { "version": "20.12.4", "status": "affected" }, { "version": "20.12.4.1", "status": "affected" }, { "version": "20.12.5", "status": "affected" }, { "version": "20.12.5.1", "status": "affected" }, { "version": "20.12.5.2", "status": "affected" }, { "version": "20.12.6", "status": "affected" }, { "version": "20.13.1", "status": "affected" }, { "version": "20.14.1", "status": "affected" }, { "version": "20.15.1", "status": "affected" }, { "version": "20.15.2", "status": "affected" }, { "version": "20.15.3", "status": "affected" }, { "version": "20.15.3.1", "status": "affected" }, { "version": "20.15.4", "status": "affected" }, { "version": "20.15.4.1", "status": "affected" }, { "version": "20.16.1", "status": "affected" }, { "version": "20.18.1", "status": "affected" }, { "version": "20.18.2", "status": "affected" } ] } ], "problemTypes": [ { "descriptions": [ { "lang": "en", "description": "Exposure of Sensitive Information to an Unauthorized Actor", "type": "cwe", "cweId": "CWE-200" } ] } ], "references": [ { "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v", "name": "cisco-sa-sdwan-authbp-qwCX8D4v" } ], "metrics": [ { "format": "cvssV3_1", "cvssV3_1": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE" } } ], "exploits": [ { "lang": "en", "value": "In April 2026, the Cisco PSIRT became aware of active exploitation of the vulnerability that is described in CVE-2026-20133. Cisco strongly recommends that customers upgrade to a fixed software release to remediate these vulnerabilities." } ], "source": { "advisory": "cisco-sa-sdwan-authbp-qwCX8D4v", "discovery": "INTERNAL", "defects": [ "CSCws33583" ] } }, "adp": [ { "references": [ { "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20133", "tags": [ "government-resource" ] } ], "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2026-04-22T13:54:59.090766Z", "id": "CVE-2026-20133", "options": [ { "Exploitation": "active" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "version": "2.0.3" } } }, { "other": { "type": "kev", "content": { "dateAdded": "2026-04-20", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20133" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T13:55:06.357Z" } } ] } }