CISA has added CVE-2026-20133, an information disclosure vulnerability in Cisco Catalyst SD-WAN Manager, to its Known Exploited Vulnerabilities catalog and ordered Federal Civilian Executive Branch agencies to patch by April 24. The flaw allows unauthenticated remote attackers to read sensitive OS-level information via the API due to insufficient file system access restrictions. Cisco patched it in late February but has not yet confirmed active exploitation. This is the latest in a series of Cisco SD-WAN vulnerabilities flagged as actively exploited, with CISA having tagged 91 Cisco vulnerabilities as exploited in the wild over recent years.
Table of contents
Federal agencies ordered to patch until Friday99% of What Mythos Found Is Still Unpatched.Sort: