COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-20133

CVE-2026-20133

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-04-20
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-20133
⌖ exploited in the wild shame 45/100 exploited-in-wilddata-breachunpatched

Cisco Catalyst SD-WAN Manager allows remote attackers to view sensitive information due to an exposure vulnerability actively exploited in the wild.

This vulnerability exposes sensitive data to unauthorized remote actors, creating a significant data breach risk for DIB organizations relying on Cisco SD-WAN infrastructure. While not an RCE, the active exploitation status and sensitivity of exposed information warrant immediate patching and network segmentation to prevent data leakage.

Shame score — The vulnerability allows unauthorized access to sensitive information rather than full system compromise, and while actively exploited, it does not involve default credentials or known negligence.

Players implicated

Cisco Systems Inc. · vendorCatalyst SD-WAN Manager · product

Description

Cisco Catalyst SD-WAN Manager contains an exposure of sensitive information to an unauthorized actor vulnerability that could allow remote attackers to view sensitive information on affected systems.

Affected FedRAMP products 9 in the catalog

ProductProviderStatusMatch
AppDynamics GovAPM AppDynamics (a Cisco company) Authorized dex-judge · 0.95
Cisco Cloudlock for Government Cisco Systems Inc. Authorized vendor-exact · 0.90
Cisco Meraki for Government Cisco Systems Inc. In Process vendor-exact · 0.90
Cisco SD-WAN for Government Cisco Systems Inc. In Process vendor-exact · 0.90
Cisco Umbrella for Government Cisco Systems Inc. In Process vendor-exact · 0.90
Cisco Unified Communications Manager Cloud for Government (Cisco UCM Cloud for Government) Cisco Systems Inc. Authorized vendor-exact · 0.90
Duo Federal Duo Security (A Cisco Company) Authorized dex-judge · 0.95
WebEx Contact Center Enterprise for Government (WxCCE-G) Cisco Systems Inc. In Process vendor-exact · 0.90
Webex for Government Cisco Systems Inc. Authorized vendor-exact · 0.90