ACCORDING to CISA, the KEV entry for CVE-2026-20133 concerns Cisco Catalyst SD-WAN Manager, a vulnerability described as an exposure of sensitive information to an unauthorised actor that could allow remote attackers to view sensitive information on affected systems. It is linked to CWE-200 and is currently marked as Unknown regarding being used in ransomware campaigns. The record shows an entry date of 20 April 2026 and a due date of 23 April 2026.
The page directs readers to CISA mitigation instructions and related hunt and hardening guidance for Cisco SD-WAN devices, with additional references to Cisco security advisories and the NVD entry for the CVE. The KEV Catalog provides CSV, JSON, and JSON Schema formats for download, along with a Print View and explanatory notes.