{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-20133","assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","state":"PUBLISHED","assignerShortName":"cisco","dateReserved":"2025-10-08T11:59:15.380Z","datePublished":"2026-02-25T16:13:56.017Z","dateUpdated":"2026-04-22T15:31:56.704Z"},"containers":{"cna":{"providerMetadata":{"orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco","dateUpdated":"2026-04-22T15:31:56.704Z"},"descriptions":[{"lang":"en","value":"A vulnerability in Cisco Catalyst SD-WAN Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system.\r\n\r This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system."}],"affected":[{"vendor":"Cisco","product":"Cisco Catalyst SD-WAN Manager","versions":[{"version":"17.2.6","status":"affected"},{"version":"17.2.7","status":"affected"},{"version":"17.2.8","status":"affected"},{"version":"17.2.9","status":"affected"},{"version":"17.2.10","status":"affected"},{"version":"17.2.4","status":"affected"},{"version":"17.2.5","status":"affected"},{"version":"18.3.1.1","status":"affected"},{"version":"18.3.3.1","status":"affected"},{"version":"18.3.3","status":"affected"},{"version":"18.3.4","status":"affected"},{"version":"18.3.5","status":"affected"},{"version":"18.3.7","status":"affected"},{"version":"18.3.8","status":"affected"},{"version":"18.3.6.1","status":"affected"},{"version":"18.3.1","status":"affected"},{"version":"18.3.0","status":"affected"},{"version":"18.4.0.1","status":"affected"},{"version":"18.4.3","status":"affected"},{"version":"18.4.302","status":"affected"},{"version":"18.4.303","status":"affected"},{"version":"18.4.4","status":"affected"},{"version":"18.4.5","status":"affected"},{"version":"18.4.0","status":"affected"},{"version":"18.4.1","status":"affected"},{"version":"18.4.6","status":"affected"},{"version":"19.2.0","status":"affected"},{"version":"19.2.097","status":"affected"},{"version":"19.2.099","status":"affected"},{"version":"19.2.1","status":"affected"},{"version":"19.2.2","status":"affected"},{"version":"19.2.3","status":"affected"},{"version":"19.2.31","status":"affected"},{"version":"19.2.929","status":"affected"},{"version":"19.2.4","status":"affected"},{"version":"20.1.1.1","status":"affected"},{"version":"20.1.12","status":"affected"},{"version":"20.1.1","status":"affected"},{"version":"20.1.2","status":"affected"},{"version":"20.1.3","status":"affected"},{"version":"19.3.0","status":"affected"},{"version":"19.1.0","status":"affected"},{"version":"18.2.0","status":"affected"},{"version":"20.3.1","status":"affected"},{"version":"20.3.2","status":"affected"},{"version":"20.3.2.1","status":"affected"},{"version":"20.3.3","status":"affected"},{"version":"20.3.3.1","status":"affected"},{"version":"20.3.4","status":"affected"},{"version":"20.3.4.1","status":"affected"},{"version":"20.3.4.2","status":"affected"},{"version":"20.3.5","status":"affected"},{"version":"20.3.6","status":"affected"},{"version":"20.3.7","status":"affected"},{"version":"20.3.7.1","status":"affected"},{"version":"20.3.4.3","status":"affected"},{"version":"20.3.5.1","status":"affected"},{"version":"20.3.7.2","status":"affected"},{"version":"20.3.8","status":"affected"},{"version":"20.4.1","status":"affected"},{"version":"20.4.1.1","status":"affected"},{"version":"20.4.1.2","status":"affected"},{"version":"20.4.2","status":"affected"},{"version":"20.4.2.2","status":"affected"},{"version":"20.4.2.1","status":"affected"},{"version":"20.4.2.3","status":"affected"},{"version":"20.5.1","status":"affected"},{"version":"20.5.1.2","status":"affected"},{"version":"20.5.1.1","status":"affected"},{"version":"20.6.1","status":"affected"},{"version":"20.6.1.1","status":"affected"},{"version":"20.6.2.1","status":"affected"},{"version":"20.6.2.2","status":"affected"},{"version":"20.6.2","status":"affected"},{"version":"20.6.3","status":"affected"},{"version":"20.6.3.1","status":"affected"},{"version":"20.6.4","status":"affected"},{"version":"20.6.5","status":"affected"},{"version":"20.6.5.1","status":"affected"},{"version":"20.6.5.3","status":"affected"},{"version":"20.6.1.2","status":"affected"},{"version":"20.6.3.2","status":"affected"},{"version":"20.6.4.1","status":"affected"},{"version":"20.6.5.2","status":"affected"},{"version":"20.6.5.4","status":"affected"},{"version":"20.6.3.3","status":"affected"},{"version":"20.6.4.2","status":"affected"},{"version":"20.6.3.0.45","status":"affected"},{"version":"20.6.3.0.46","status":"affected"},{"version":"20.6.3.0.47","status":"affected"},{"version":"20.6.3.4","status":"affected"},{"version":"20.6.4.0.21","status":"affected"},{"version":"20.6.5.1.10","status":"affected"},{"version":"20.6.5.1.11","status":"affected"},{"version":"20.6.5.1.7","status":"affected"},{"version":"20.6.5.1.9","status":"affected"},{"version":"20.6.5.2.4","status":"affected"},{"version":"20.6.5.5","status":"affected"},{"version":"20.6.5.2.8","status":"affected"},{"version":"20.6.5.1.13","status":"affected"},{"version":"20.6.6","status":"affected"},{"version":"20.6.7","status":"affected"},{"version":"20.6.8","status":"affected"},{"version":"20.7.1","status":"affected"},{"version":"20.7.1.1","status":"affected"},{"version":"20.7.2","status":"affected"},{"version":"20.8.1","status":"affected"},{"version":"20.9.1","status":"affected"},{"version":"20.9.2","status":"affected"},{"version":"20.9.2.1","status":"affected"},{"version":"20.9.3","status":"affected"},{"version":"20.9.3.1","status":"affected"},{"version":"20.9.2.3","status":"affected"},{"version":"20.9.3.0.12","status":"affected"},{"version":"20.9.3.0.16","status":"affected"},{"version":"20.9.3.0.17","status":"affected"},{"version":"20.9.3.0.18","status":"affected"},{"version":"20.9.3.0.20","status":"affected"},{"version":"20.9.3.0.21","status":"affected"},{"version":"20.9.3.2","status":"affected"},{"version":"20.9.3.2_LI_Images","status":"affected"},{"version":"20.9.4","status":"affected"},{"version":"20.9.4_LI_Images","status":"affected"},{"version":"20.9.3.0.23","status":"affected"},{"version":"20.9.4.1","status":"affected"},{"version":"20.9.5","status":"affected"},{"version":"20.9.5.1","status":"affected"},{"version":"20.9.5.2","status":"affected"},{"version":"20.9.6","status":"affected"},{"version":"20.9.5.3","status":"affected"},{"version":"20.9.7","status":"affected"},{"version":"20.9.7.1","status":"affected"},{"version":"20.9.8","status":"affected"},{"version":"20.10.1","status":"affected"},{"version":"20.10.1.1","status":"affected"},{"version":"20.10.1.2","status":"affected"},{"version":"20.11.1","status":"affected"},{"version":"20.11.1.1","status":"affected"},{"version":"20.11.1.2","status":"affected"},{"version":"20.12.1","status":"affected"},{"version":"20.12.1_LI_Images","status":"affected"},{"version":"20.12.2","status":"affected"},{"version":"20.12.3","status":"affected"},{"version":"20.12.3.1","status":"affected"},{"version":"20.12.4","status":"affected"},{"version":"20.12.4.1","status":"affected"},{"version":"20.12.5","status":"affected"},{"version":"20.12.5.1","status":"affected"},{"version":"20.12.5.2","status":"affected"},{"version":"20.12.6","status":"affected"},{"version":"20.13.1","status":"affected"},{"version":"20.14.1","status":"affected"},{"version":"20.15.1","status":"affected"},{"version":"20.15.2","status":"affected"},{"version":"20.15.3","status":"affected"},{"version":"20.15.3.1","status":"affected"},{"version":"20.15.4","status":"affected"},{"version":"20.15.4.1","status":"affected"},{"version":"20.16.1","status":"affected"},{"version":"20.18.1","status":"affected"},{"version":"20.18.2","status":"affected"}]}],"problemTypes":[{"descriptions":[{"lang":"en","description":"Exposure of Sensitive Information to an Unauthorized Actor","type":"cwe","cweId":"CWE-200"}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v","name":"cisco-sa-sdwan-authbp-qwCX8D4v"}],"metrics":[{"format":"cvssV3_1","cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"exploits":[{"lang":"en","value":"In April 2026, the Cisco PSIRT became aware of active exploitation of the vulnerability that is described in CVE-2026-20133. Cisco strongly recommends that customers upgrade to a fixed software release to remediate these vulnerabilities."}],"source":{"advisory":"cisco-sa-sdwan-authbp-qwCX8D4v","discovery":"INTERNAL","defects":["CSCws33583"]}},"adp":[{"references":[{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20133","tags":["government-resource"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-04-22T13:54:59.090766Z","id":"CVE-2026-20133","options":[{"Exploitation":"active"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}},{"other":{"type":"kev","content":{"dateAdded":"2026-04-20","reference":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20133"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-22T13:55:06.357Z"}}]}}