Synced 16 Jun 2026 15:24 UTC Account
← All products

CVE-2026-20262

MEDIUM severity · CVSS 6.5 · Path traversal · actively exploited (CISA KEV)
6.5CVSS MEDIUM exploited
Actively exploited in the wild (CISA Known Exploited Vulnerabilities). Added to KEV 2026-06-15. US federal agencies must patch by 2026-06-29.

Summary

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate user-supplied input during a file upload process. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system. A successful exploit could allow the attacker to create or overwrite any file on the underlying operating system. This file could later be used to elevate to root. To exploit this vulnerability, the attacker must have valid credentials with at least a lower-privileged, single-task user account.

Impact & exploitability

Attack vectorNetwork
Attack complexityLow
Privileges requiredLow
User interactionNone
Confidentiality impactNone
Integrity impactHigh
Availability impactNone
Exploit probability (EPSS)2%

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected products we track (1)

Catalyst SD-WAN Manager

Recommendation

This vulnerability is being actively exploited in the wild — patch affected products urgently. Open any affected product above for its exact safe version.

Additional information