•CISA has added a Cisco Catalyst SD-WAN Manager information disclosure vulnerability (CVE-2026-20133) to its KEV Catalog, mandating federal agencies patch by April 24th due to active exploitation.
•The flaw allows unauthenticated remote attackers to access sensitive information on unpatched devices, stemming from insufficient file system access restrictions.
•While CISA confirms active exploitation, Cisco's advisory currently states it's unaware of public announcements or malicious use, highlighting a critical intelligence gap for network defenders.
•CISA has added a Cisco Catalyst SD-WAN Manager information disclosure vulnerability (CVE-2026-20133) to its KEV Catalog, mandating federal agencies patch by April 24th due to active exploitation.
•The flaw allows unauthenticated remote attackers to access sensitive information on unpatched devices, stemming from insufficient file system access restrictions.
•While CISA confirms active exploitation, Cisco's advisory currently states it's unaware of public announcements or malicious use, highlighting a critical intelligence gap for network defenders.
