CVE-2026-20108
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk5th percentile - higher than 5% of all known CVEs
Summary
A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager allows an authenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user of the interface. This is due to insufficient input validation.
Risk Assessment
An attacker could trick a user into clicking a crafted link, leading to arbitrary script execution in the interface context or access to sensitive browser-based information, posing a risk to data confidentiality and integrity.
Recommendation
Apply the patches provided by Cisco immediately and restrict access to the management interface to trusted users and networks only.
Original NVD description (English source)
A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

