Cisco Catalyst SD-WAN Manager information disclosure vulnerability (CVE-2026-20133)
Vulnerability
Summary
Hide ▲
Show ▼
CISA moved CVE-2026-20133 in Cisco Catalyst SD-WAN Manager into its KEV Catalog, signaling active exploitation against unpatched devices and forcing FCEB agencies to patch by April 24. Cisco had already patched the information disclosure flaw in late February, warning that unauthenticated remote attackers could use the affected API to read sensitive information. The issue matters because the product centrally manages up to 6,000 SD-WAN devices, so a single exposed manager can affect large networks.
Related Happenings
CISA sets June 28 patch deadline for Cisco Unified Communications Manager Server
Public Sector Action
H score35
First: 26.06.2026 22:43
Last: 26.06.2026 22:43
Sources 1
About this happening:
CISA ordered **federal agencies** to patch **CVE-2026-20230** in **Cisco Unified Communications Manager Server** by **June 28**, tightening exposure around an **actively exploited...
CISA sets June 28 patch deadline for Cisco Unified Communications Manager Server
Public Sector ActionAbout this happening: CISA ordered **federal agencies** to patch **CVE-2026-20230** in **Cisco Unified Communications Manager Server** by **June 28**, tightening exposure around an **actively exploited...
Cisco Catalyst SD-WAN unauthorized peering and SSH access campaign
Campaign
H score38
First: 25.06.2026 17:15
Last: 25.06.2026 17:15
Sources 1
About this happening:
An active **campaign** used **unauthorized peering connections** and **SSH access** to maintain footholds inside a **service provider's Cisco Catalyst SD-WAN** environment, increa...
Cisco Catalyst SD-WAN unauthorized peering and SSH access campaign
CampaignAbout this happening: An active **campaign** used **unauthorized peering connections** and **SSH access** to maintain footholds inside a **service provider's Cisco Catalyst SD-WAN** environment, increa...
CISA adds CVE-2026-20262 to KEV and orders federal fixes
Public Sector Action
H score32
First: 16.06.2026 09:05
Last: 16.06.2026 09:05
Sources 1
About this happening:
**CISA** added **CVE-2026-20262** to its **Known Exploited Vulnerabilities (KEV) catalog** and required **Federal Civilian Executive Branch (FCEB)** agencies to apply Cisco's fixe...
CISA adds CVE-2026-20262 to KEV and orders federal fixes
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-20262** to its **Known Exploited Vulnerabilities (KEV) catalog** and required **Federal Civilian Executive Branch (FCEB)** agencies to apply Cisco's fixe...
Cisco Catalyst SD-WAN Manager actively exploited file upload overwrite flaw (CVE-2026-20262)
Vulnerability
H score24
First: 15.06.2026 20:12
Last: 15.06.2026 20:12
Sources 1
About this happening:
**Cisco Catalyst SD-WAN Manager** was patched for **CVE-2026-20262** after attackers used it to **create or overwrite files** and **escalate to root** across **all deployment type...
Cisco Catalyst SD-WAN Manager actively exploited file upload overwrite flaw (CVE-2026-20262)
VulnerabilityAbout this happening: **Cisco Catalyst SD-WAN Manager** was patched for **CVE-2026-20262** after attackers used it to **create or overwrite files** and **escalate to root** across **all deployment type...
CISA-led joint advisory to secure internet-exposed ATG systems
Public Sector Action
H score43
First: 05.06.2026 17:50
Last: 05.06.2026 17:50
Sources 1
About this happening:
On **2026-06-05**, **CISA**, the **FBI**, the **NSA**, the **Department of Energy**, and other U.S. partners issued a **joint advisory** telling **critical infrastructure organiza...
CISA-led joint advisory to secure internet-exposed ATG systems
Public Sector ActionAbout this happening: On **2026-06-05**, **CISA**, the **FBI**, the **NSA**, the **Department of Energy**, and other U.S. partners issued a **joint advisory** telling **critical infrastructure organiza...
Timeline
-
21.04.2026 15:30 2 articles · 2mo ago
Cisco Catalyst SD-WAN Manager information disclosure vulnerability (CVE-2026-20133)
Initial DisclosureCisco patched **CVE-2026-20133** in **late February** after identifying an **information disclosure** flaw in **Catalyst SD-WAN Manager**. CISA later flagged the issue as **actively exploited** and gave federal agencies four days to secure affected systems.
Show sources
- CISA flags new SD-WAN flaw as actively exploited in attacks — www.bleepingcomputer.com — 21.04.2026 15:30
- CISA flags new SD-WAN flaw as actively exploited in attacks — www.bleepingcomputer.com — 21.04.2026 15:30