Information disclosure in Catalyst SD-WAN Manager (formerly SD-WAN vManage) - CVE-2026-20210


Published: May 14, 2026


Vulnerability identifier: #VU131453
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-20210
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Catalyst SD-WAN Manager (formerly SD-WAN vManage)

Detailed vulnerability description

The vulnerability allows a remote user to modify configurations and perform unauthorized actions.

The vulnerability exists due to improper redaction of sensitive information in device configurations and templates in the web UI when exposing configuration data. A remote user can leverage exposed sensitive information to modify configurations and perform unauthorized actions.

Exploitation requires an account with read-only permissions.


How to mitigate CVE-2026-20210

Install the security update from the vendor's website.

Sources