Cross-Site Scripting Vulnerability in Cisco Catalyst SD-WAN Manager
CVE-2026-20108

5.4 MEDIUM

Key Information:

Vendor: Cisco

CVE Published: 25 March 2026

Badges

👾 Exploit Exists

What is CVE-2026-20108?

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager allows authenticated, remote attackers to execute cross-site scripting (XSS) attacks by exploiting insufficient user input validation. By persuading users to click on malicious links, attackers can execute arbitrary script code within the affected interface, potentially leading to unauthorized access to sensitive browser-stored information.

Affected Version(s)

Cisco Catalyst SD-WAN Manager 20.12.1

Cisco Catalyst SD-WAN Manager 20.12.1_LI_Images

Cisco Catalyst SD-WAN Manager 20.12.2

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
