CVE-2026-20108 in Catalyst SD-WAN Manager
Sumário (Inglês)
A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Responsável
cisco
Reservar
08/10/2025
Divulgação
25/03/2026
Estado
Confirmado
Inscrições
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerabilidade | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 353188 | Cisco Catalyst SD-WAN Manager Web-based Management Script de Site Cruzado | 79 | Não definido | Correção oficial | CVE-2026-20108 |
Descrição
CPE
CWE
CVSS
Explorações
História
Diferença
Relacionar
Inteligência de ameaças
API JSON
API XML
API CSV