CVE-2026-20262

MEDIUM KEV

Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability

Title source: cna
STIX 2.1

Exploitation Summary

CVE-2026-20262 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 15, 2026.

Description

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate user-supplied input during a file upload process. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system. A successful exploit could allow the attacker to create or overwrite any file on the underlying operating system. This file could later be used to elevate to root. To exploit this vulnerability, the attacker must have valid credentials with at least a lower-privileged, single-task user account.

References (2)

Core 2

Scores

CVSS v3 6.5
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact partial

Details

CISA KEV 2026-06-15
VulnCheck KEV 2026-06-15
CWE
CWE-22
Status published
Products (50)
Cisco/Cisco Catalyst SD-WAN Manager 17.2.10
Cisco/Cisco Catalyst SD-WAN Manager 17.2.4
Cisco/Cisco Catalyst SD-WAN Manager 17.2.5
Cisco/Cisco Catalyst SD-WAN Manager 17.2.6
Cisco/Cisco Catalyst SD-WAN Manager 17.2.7
Cisco/Cisco Catalyst SD-WAN Manager 17.2.8
Cisco/Cisco Catalyst SD-WAN Manager 17.2.9
Cisco/Cisco Catalyst SD-WAN Manager 18.2.0
Cisco/Cisco Catalyst SD-WAN Manager 18.3.0
Cisco/Cisco Catalyst SD-WAN Manager 18.3.1
... and 40 more
Published Jun 15, 2026
KEV Added Jun 15, 2026
Tracked Since Jun 15, 2026