Cisco Product Security Update Advisory (CVE-2026-20133)
Overview.
CVE-2026-20133 is an information disclosure vulnerability in Cisco Catalyst SD-WAN Manager.
The vulnerability can expose sensitive information externally in certain 20.x versions of the product.
Affected Versions.
- Versions 20.9 and earlier, including 20.9 versions.
- Versions 20.10, 20.11, 20.12, 20.13, 20.14, 20.15, 20.16, and 20.18.
Vulnerability Impact and Attack Method.
- The vulnerability type is information disclosure.
- By exploiting the vulnerability, malicious actors may gain access to sensitive information such as authentication information or internal configuration information.
- The vulnerability does not directly destroy service availability, but the leaked information creates the potential for subsequent attacks.
Resolution Status and Recommended Action.
- Cisco has issued patch releases that fix the vulnerability.
- Key fix releases include 20.9.8.2, 20.12.6.1, 20.12.5.3 (including alternate versions), 20.15.4.2, and 20.18.2.1.
- Affected systems should be migrated to a fix release from the manufacturer.
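A version triage helper for the affected trains and fix releases listed above, as an added example that is not from Cisco or the original page. It assumes that a build in the same maintenance branch (first three version fields) at or above a listed fix release carries the fix; the hostnames and inventory versions are constructed.

```python
import re

# Fix releases named in the summary above, grouped by release train.
FIXED = {
    (20, 9): [(20, 9, 8, 2)],
    (20, 12): [(20, 12, 5, 3), (20, 12, 6, 1)],
    (20, 15): [(20, 15, 4, 2)],
    (20, 18): [(20, 18, 2, 1)],
}
# Trains listed as affected for which the summary names no fix release.
NO_LISTED_FIX = {(20, 10), (20, 11), (20, 13), (20, 14), (20, 16)}

def parse(version):
    """'20.12.5' -> (20, 12, 5, 0); missing fields count as 0."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(int(g or 0) for g in m.groups())

def triage(version):
    """Return (status, note) for one SD-WAN Manager version string."""
    v = parse(version)
    train = v[:2]
    if train < (20, 9) or train in NO_LISTED_FIX:
        return "affected", "no fix listed for this train; migrate to a fix release"
    fixes = FIXED.get(train)
    if fixes is None:
        return "unlisted", "train not named in the summary; check the Cisco advisory"
    # Assumption: same maintenance branch (first three fields) and a build
    # number at or above the listed fix means the fix is present.
    if any(v[:3] == f[:3] and v >= f for f in fixes):
        return "fixed", "at or above a listed fix release"
    if v > max(fixes):
        return "verify", "newer than every listed fix; confirm in the advisory"
    target = min(f for f in fixes if f > v)
    return "affected", "upgrade to " + ".".join(map(str, target))

# Constructed inventory (hostnames and versions are made up for the example).
INVENTORY = {"sdwan-mgr-a": "20.9.5", "sdwan-mgr-b": "20.12.6.0",
             "sdwan-mgr-c": "20.12.5.4", "sdwan-mgr-d": "20.14.1",
             "sdwan-mgr-e": "20.18.2.1"}

if __name__ == "__main__":
    for host, ver in INVENTORY.items():
        status, note = triage(ver)
        print(f"{host:12} {ver:10} {status:9} {note}")
```

The "verify" and "unlisted" results are deliberate: the summary says the key fix releases "include" those listed, so anything outside that list is checked against the Cisco advisory rather than assumed safe.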
Notes.
- For more information and patch instructions, see the Cisco Security Advisory page: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp….