CISA has ordered federal agencies to secure Catalyst SD-WAN Manager systems within four days after adding an information-disclosure flaw (CVE-2026-20133) to its Known Exploited Vulnerabilities catalog. Cisco patched the issue in February, warning that unauthenticated attackers could read sensitive operating system data, although Cisco says it is not aware of public exploitation reports. #CatalystSDWANManager #CVE-2026-20133
Keypoints
- CISA mandated FCEB agencies patch CVE-2026-20133 by April 24 due to evidence of active exploitation.
- The vulnerability allows unauthenticated remote attackers to access sensitive information via the device API because of insufficient file system access restrictions.
- Cisco issued a February patch for the flaw but has not confirmed malicious use in the wild for CVE-2026-20133.
- Earlier Cisco fixes addressed two other SDβWAN vulnerabilities and a critical authentication bypass exploited since 2023.
- CISA has listed 91 Cisco vulnerabilities as exploited in the wild over recent years, with six tied to ransomware operations.