Cisco
CPE vendor key: cisco ·
444 CVEs published in the last 24 months.
CVEs (365 d)
105
▲ +1 vs prior 30d
Avg CVSS (365 d)
6.94
over 105 CVEs
Avg EPSS pct (365 d)
0.36
higher = more likely exploited
KEV hit rate (365 d)
14.3%
15 of 105 added to CISA KEV
LLM-credited CVEs
0
Monthly CVE volume — last 24 months
Each point is one calendar month. Bars in the
severity card to the right slice the same volume by CVSS band.
Severity mix
Stacked by CVSS band (Critical / High / Medium /
Low) using the best available metric per CVE.
Top affected products (24 mo)
47
43
41
35
32
29
26
24
16
15
Distinct CVEs that include each product in their
CPE configuration.
Top CWEs (24 mo)
72
21
19
17
16
15
14
9
9
9
Distinct CVEs assigned each weakness.
Recent CISA KEV adds (last 12 months)
| Added | CVE | Product | KEV name |
|---|---|---|---|
| 2026-06-15 | CVE-2026-20262 | Catalyst SD-WAN Manager | Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability |
| 2026-06-09 | CVE-2026-20245 | Catalyst SD-WAN Manager | Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability |
| 2026-05-14 | CVE-2026-20182 | Catalyst SD-WAN | Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability |
| 2026-04-20 | CVE-2026-20122 | Catalyst SD-WAN Manger | Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability |
| 2026-04-20 | CVE-2026-20128 | Catalyst SD-WAN Manager | Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability |
| 2026-04-20 | CVE-2026-20133 | Catalyst SD-WAN Manager | Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability |
| 2026-03-19 | CVE-2026-20131 | Secure Firewall Management Center (FMC) | Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability |
| 2026-02-25 | CVE-2026-20127 | Catalyst SD-WAN Controller and Manager | Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability |
| 2026-01-21 | CVE-2026-20045 | Unified Communications Manager | Cisco Unified Communications Products Code Injection Vulnerability |
| 2025-12-17 | CVE-2025-20393 | Multiple Products | Cisco Multiple Products Improper Input Validation Vulnerability |
| 2025-09-29 | CVE-2025-20352 | IOS and IOS XE | Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability |
| 2025-09-25 | CVE-2025-20333 | Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense | Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overflow Vulnerability |
| 2025-09-25 | CVE-2025-20362 | Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense | Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Missing Authorization Vulnerability |
| 2025-07-28 | CVE-2025-20281 | Identity Services Engine | Cisco Identity Services Engine Injection Vulnerability |
| 2025-07-28 | CVE-2025-20337 | Identity Services Engine | Cisco Identity Services Engine Injection Vulnerability |
Filtered to KEV rows where the CISA vendor name matches this vendor,
to drop cross-OS noise (e.g. third-party Windows apps that CPE-map to
Microsoft).
LLM-credited CVEs from this vendor
No LLM-credited CVEs for this vendor yet.
From
mythos_attributed_cves: CVEs whose NVD description
or vendor advisory credits an LLM-assisted discovery. Confidence is
high for every row.
Generated 19 June 2026 13:18 UTC <span class="time-ago" data-iso="2026-06-19T13:18:30Z"></span>.