A high-severity vulnerability in Cisco Catalyst SD-WAN Manager, tracked as CVE-2026-20133, is being actively exploited in the wild, prompting its inclusion in CISA's Known Exploited Vulnerabilities (KEV) catalog. This flaw, which carries a CVSS score of 7.5, was disclosed on February 25, 2026, and has been exploited within 53 days of its disclosure.
The vulnerability stems from insufficient file system access restrictions, allowing unauthenticated, remote attackers to access sensitive information on affected systems. Attackers can exploit this flaw by interacting with the API of the Cisco Catalyst SD-WAN Manager, potentially leading to unauthorized data exposure.
Given the active exploitation of this vulnerability, organizations using Cisco Catalyst SD-WAN Manager are at heightened risk. The vulnerability's presence in the KEV list underscores the urgency for affected entities to apply patches or mitigations to protect their systems from potential breaches.
Cisco has released patches to address this issue, and security teams are advised to prioritize the deployment of these updates. Additionally, monitoring for unusual API access patterns could help in detecting exploitation attempts. Organizations should also review their access controls and ensure that sensitive information is adequately protected against unauthorized access.
As attackers continue to exploit this vulnerability, timely patching and vigilant monitoring are critical to safeguarding sensitive data managed by Cisco Catalyst SD-WAN Manager.
CSURFACE