CVE-2026-20262
MEDIUM · 6.5 KEV EPSS 1.7%KEV-confirmed + active exploitation + vendor patches, but CVSS only medium and auth required.
What: Authenticated arbitrary file write in Cisco Catalyst SD-WAN Manager web UI (CVE-2026-20262, CVSS 6.5) allowing file creation/overwrite and potential root escalation via malformed HTTP requests.
Why it matters: KEV-listed as of 2026-06-15; multiple posts confirm active in-the-wild exploitation. Cisco released patches same day. Requires valid credentials but post-exploit escalation to root is documented. This is the sixth SD-WAN Manager flaw exploited in 2026, signaling sustained targeting of network infrastructure.
Where it's seen: Security news aggregators (HackersNews, SecurityAffairs) reporting patches and active exploitation; defender community posts emphasizing urgent patching and access restriction; no public PoC details shared yet, but weaponization confirmed.
RISK: HIGH — KEV-listed, active exploitation, root escalation path, network infrastructure target.
Description
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate user-supplied input during a file upload process. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system. A successful exploit could allow the attacker to create or overwrite any file on the underlying operating system. This file could later be used to elevate to root. To exploit this vulnerability, the attacker must have valid credentials with at least a lower-privileged, single-task user account.
CVSS 3.1 breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N- Attack vector
- Network
- Complexity
- Low
- Privileges required
- Low
- User interaction
- None
- Scope
- Unchanged
- Confidentiality
- None
- Integrity
- High
- Availability
- None