top of page
perceptive_background_267k.jpg

CISA flags new SD-WAN flaw as actively exploited in attacks

Published:

21 April 2026 at 12:30:50

Alert date:

21 April 2026 at 13:01:02

Source:

bleepingcomputer.com

Click to open the original link from this advisory

Network Infrastructure, Zero-Day Vulnerabilities, Critical Infrastructure

CISA has issued an urgent directive requiring U.S. government agencies to secure their systems within four days against a Catalyst SD-WAN Manager vulnerability that is being actively exploited in attacks. The vulnerability affects SD-WAN infrastructure and poses significant risk to government networks. CISA's rapid response indicates the severity and active nature of the threat. Organizations using Catalyst SD-WAN Manager should prioritize patching immediately. The exploit is being used in real-world attacks against critical infrastructure.

Technical details

Information disclosure vulnerability in Catalyst SD-WAN Manager (formerly vManage) due to insufficient file system access restrictions. Unauthenticated remote attackers can access sensitive information by accessing the API of affected systems, allowing them to read sensitive information on the underlying operating system.

Mitigation steps:

Federal agencies must patch systems by Friday, April 24. Follow CISA's Emergency Directive 26-03 guidelines to assess exposure and mitigate risks. Use CISA's Hunt & Hardening Guidance for Cisco SD-WAN Devices. Apply applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

Affected products:

Cisco Catalyst SD-WAN Manager (formerly vManage)
Cisco SD-WAN devices
Cisco Secure Firewall Management Center (FMC)

Related links:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v
https://nvd.nist.gov/vuln/detail/CVE-2026-20133
https://www.cisa.gov/news-events/alerts/2026/04/20/cisa-adds-eight-known-exploited-vulnerabilities-catalog
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20133
https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems
https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page