VDB
CVE-2026-20108
CVE-2026-20108
PUBLISHED
CVSS 5.400000095367432 MEDIUM
A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
EPSS 0.05% · 15.7th percentile
Risk Scores
CVSS 3.1
5.400000095367432
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.05%
15.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Catalyst SD-WAN Manager | 20.12.1_LI_Images, 20.12.2, 20.12.3 |
Exploit Intelligence
- CIRCL seen: CVE-2026-20108 (circl-sighting)
- cisco-sa-vmanage-xss-ZqkhP9W9 (circl)
Timeline
- Mar 25, 2026 Coalition ESS Score
- Mar 25, 2026 CVE Published
- Mar 26, 2026 PoC Published
- Mar 27, 2026 CVE Updated
- Mar 29, 2026 Security Advisory
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score