CVE-2026-20133
CWE-200Published: February 25, 2026· Updated: Feb 27, 2026
Official Description
A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected system.
This vulnerability is due to insufficient file system access restrictions. An attacker could exploit this vulnerability by accessing the API of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.
Technical Analysis
CVE-2026-20133 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.
Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
A successful exploit results in complete confidentiality breach (data exposure), with a CVSS base score of 6.5.
CISA has added CVE-2026-20133 to the Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild. U.S. federal agencies are required to patch this within the mandated timeframe, and all organizations should treat remediation as urgent.
From a weakness classification perspective (CWE-200): Information exposure vulnerabilities leak sensitive data to unauthorized actors.
CVSS v3.1 Vector Breakdown
Affected Vendors & Products
Exploit & PoC Resources
News & Research Mentioning CVE-2026-20133
CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2023-27351 PaperCut NG/MF Improper Authentication Vulnerability CVE-2024-27199 JetBrains TeamCity Relative Path Traversal Vulnerability CVE-2025-2749 Kentico Xperience Path Traversal Vulnerability CVE-2025-32975 Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability CVE-2025-48700 Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability CVE-2026-20122 Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability CVE-2026-20128 Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability CVE-2026-20133 Cisco Catalyst SD-WAN Ma [xlite_meta score:63 src:CISA Alerts xlite_fp:0b55e79970c47e4ece69ce1dd3660bb43f47c536c063390ae3b0b0034a186fa0]
All References (1)
Quick Facts
Known Threat Actors
Related CVEs (CWE-200)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2026-20133 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts
- !CISA KEV: Federal agencies must patch per BOD 22-01 timeline
- !Active exploitation confirmed — treat as P1