Vulnerability Details CVE-2026-20108
A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 5.8%
CVSS Severity
CVSS v3 Score 5.4
Products affected by CVE-2026-20108
-
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.12.1
-
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.12.1_li_images
-
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.12.2
-
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.12.2_li_images
-
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.12.3
-
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.12.3.1
-
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.12.3_li_images
-
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.12.4
-
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.12.4.0.03
-
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.12.4.0.4
-
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.12.4.0.6
-
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.12.4.1
-
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.12.4_monthly_es5
-
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.12.5
-
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.12.5.1
-
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.12.5.2
-
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.12.6
-
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.13
-
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.13.1
-
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.13.1_li_images
-
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.14
-
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.14.1
-
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.14.1_li_images
-
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.15
-
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.15.1
-
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.15.2
-
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.15.3
-
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.15.3.1
-
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.15.4
-
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.15.4.1
-
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.16
-
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.16.1
-
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.18
-
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.18.1
-
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.18.2