CISA has added CVE‑2026‑20133 to its Known Exploited Vulnerabilities catalogue. The entry concerns Cisco’s Catalyst SD‑WAN Manager and is titled “Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability”. The flaw allows remote attackers to view sensitive information on affected systems.
The vulnerability is an information‑exposure issue that can be exploited over the network without authentication. It has a CVSS v3.1 score of 6.5, rating it as MEDIUM severity. Cisco has released a patch that addresses the flaw, and the advisory is available via the vendor’s security centre.
Inclusion in the KEV catalogue indicates that active exploitation has been confirmed in the wild. No known ransomware campaign has been linked to this issue at this time. CISA has set a remediation deadline of 23 April 2026 for federal agencies to apply mitigations.
CISA’s required action is: “Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD‑WAN devices as outlined in CISA’s Emergency Directive 26‑03 and CISA’s ‘Hunt & Hardening Guidance for Cisco SD‑WAN Devices’. Adhere to the applicable BOD 22‑01 guidance for cloud services or discontinue use of the product if mitigations are not available.”
This directive binds Federal Civilian Executive Branch (FCEB) agencies; all other organisations are advised to review their exposure and apply the patch or follow the supplied guidance.
For full details, see the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2026-20133 and the CISA KEV catalogue.