CVE-2026-20108 - Vulnerability Details

- Cross‑Site Scripting in Cisco Catalyst SD‑WAN Manager Web Interface

Description

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device.

This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Published: 2026-03-25

Score: 5.4 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A flaw in Cisco Catalyst SD‑WAN Manager’s web‑based management interface lets a remote attacker, who is authenticated to the interface, inject malicious JavaScript because user input is not properly validated. The attacker can persuade a legitimate user to click a crafted link, which then loads and runs arbitrary script code within the user’s browser session. The result is the ability to execute code in the context of the web interface or steal sensitive browser‑based information, a classic reflected XSS vulnerability (CWE‑79).

Affected Systems

The vulnerable product is the Cisco Catalyst SD‑WAN Manager management interface. No specific version numbers are supplied, so any deployment that has not applied the vendor’s fix remains at risk. The attack requires authentication to the web interface and a user who interacts with a maliciously constructed URL.

Risk and Exploitability

The base CVSS score of 5.4 indicates moderate severity; the vector is remote with an authenticated user and requires user interaction. EPSS data is not available, and the flaw is not listed in the CISA KEV catalog, suggesting a lower likelihood of widespread exploitation. Nevertheless, any authenticated user exposed to phishing or social‑engineering links could fall victim, making the risk significant for organizations that grant broad web‑interface access.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Cisco

Cisco Catalyst SD-WAN Manager

affected

Version	Status	Constraints
`20.12.1`	affected	—
`20.12.1_LI_Images`	affected	—
`20.12.2`	affected	—
`20.12.3`	affected	—
`20.12.3.1`	affected	—
`20.12.4`	affected	—
`20.12.4.1`	affected	—
`20.12.5`	affected	—
`20.12.5.1`	affected	—
`20.12.5.2`	affected	—
`20.12.6`	affected	—
`20.12.6.1`	affected	—
`20.12.5.3`	affected	—
`20.13.1`	affected	—
`20.14.1`	affected	—
`20.15.1`	affected	—
`20.15.2`	affected	—
`20.15.3`	affected	—
`20.15.3.1`	affected	—
`20.15.4`	affected	—
`20.15.4.1`	affected	—
`20.15.4.2`	affected	—
`20.16.1`	affected	—
`20.18.1`	affected	—

No data.

Vendor Product Confidence Versions

Cisco

Catalyst Sd-wan Manager

91%

Version	Status	Scheme	Platform
`20.12.1`	affected	semver	—
`20.12.1_LI_Images`	affected	generic	—
`20.12.2`	affected	semver	—
`20.12.3`	affected	semver	—
`20.12.3.1`	affected	generic	—
`20.12.4`	affected	semver	—
`20.12.4.1`	affected	generic	—
`20.12.5`	affected	semver	—
`20.12.5.1`	affected	generic	—
`20.12.5.2`	affected	generic	—
`20.12.6`	affected	semver	—
`20.12.6.1`	affected	generic	—
`20.12.5.3`	affected	generic	—
`20.13.1`	affected	semver	—
`20.14.1`	affected	semver	—
`20.15.1`	affected	semver	—
`20.15.2`	affected	semver	—
`20.15.3`	affected	semver	—
`20.15.3.1`	affected	generic	—
`20.15.4`	affected	semver	—
`20.15.4.1`	affected	generic	—
`20.15.4.2`	affected	generic	—
`20.16.1`	affected	semver	—
`20.18.1`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest Cisco Catalyst SD‑WAN Manager patch or firmware update as soon as it is released
Limit access to the web interface to trusted networks or IP ranges and enforce strong, multi‑factor authentication
Educate users to recognize and avoid clicking suspicious links that could trigger cross‑site scripting attacks

Generated by OpenCVE AI on March 25, 2026 at 20:10 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00041.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-xss-ZqkhP9W9

History

Fri, 27 Mar 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 26 Mar 2026 12:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Cisco Cisco catalyst Sd-wan Manager
Vendors & Products		Cisco Cisco catalyst Sd-wan Manager

Wed, 25 Mar 2026 22:00:00 +0000

Type	Values Removed	Values Added
Title		Cross‑Site Scripting in Cisco Catalyst SD‑WAN Manager Web Interface

Wed, 25 Mar 2026 16:15:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Weaknesses		CWE-79
References		https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-xss-ZqkhP9W9
Metrics		cvssV3_1 `{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}`

Subscriptions

Cisco Catalyst Sd-wan Manager

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2026-03-25T16:09:06.788Z

Updated: 2026-03-27T15:00:28.039Z

Reserved: 2025-10-08T11:59:15.372Z

Link: CVE-2026-20108

Vulnrichment

Updated: 2026-03-27T15:00:23.600Z

NVD

Status : Awaiting Analysis

Published: 2026-03-25T16:16:14.420

Modified: 2026-03-26T15:13:15.790

Link: CVE-2026-20108

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-26T11:42:38Z

Weaknesses

CWE-79

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object