CVE Catalog

CVE-2026-20108

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

5th percentile - higher than 5% of all known CVEs

Summary

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager allows an authenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user of the interface. This is due to insufficient input validation.

Risk Assessment

An attacker could trick a user into clicking a crafted link, leading to arbitrary script execution in the interface context or access to sensitive browser-based information, posing a risk to data confidentiality and integrity.

Recommendation

Apply the patches provided by Cisco immediately and restrict access to the management interface to trusted users and networks only.

Original NVD description (English source)

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS