CVE-2026-20262

Confirmed PUBLISHED

Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability

Cisco · Cisco Catalyst SD-WAN Manager
Exploited in the wild PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
6.5 Medium EPSS 7.7%

At a Glance

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate user-supplied input during a file upload process. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system. A successful exploit could allow the attacker to create or overwrite any file on the underlying operating system. This file could later be used to elevate to root. To exploit this vulnerability, the attacker must have valid credentials with at least a lower-privileged, single-task user account.

edge cisa
CVE Published
Jun 15, 2026
Exploitation Reported
Jun 15, 2026
CVSS
6.5 Medium
EPSS
7.7%
Remote Low complexity No user interaction

Affected Versions

376 version rows · page 1 of 16

Vendor Product Version Status
Cisco
Cisco Catalyst SD-WAN Manager

20.1.12

Affected
Cisco
Cisco Catalyst SD-WAN Manager

19.2.1

Affected
Cisco
Cisco Catalyst SD-WAN Manager

18.4.4

Affected
Cisco
Cisco Catalyst SD-WAN Manager

18.4.5

Affected
Cisco
Cisco Catalyst SD-WAN Manager

20.1.1.1

Affected
Cisco
Cisco Catalyst SD-WAN Manager

20.1.1

Affected
Cisco
Cisco Catalyst SD-WAN Manager

19.3.0

Affected
Cisco
Cisco Catalyst SD-WAN Manager

19.2.2

Affected
Cisco
Cisco Catalyst SD-WAN Manager

19.2.099

Affected
Cisco
Cisco Catalyst SD-WAN Manager

18.3.6

Affected
Cisco
Cisco Catalyst SD-WAN Manager

18.3.7

Affected
Cisco
Cisco Catalyst SD-WAN Manager

19.2.0

Affected
Cisco
Cisco Catalyst SD-WAN Manager

18.3.8

Affected
Cisco
Cisco Catalyst SD-WAN Manager

19.0.0

Affected
Cisco
Cisco Catalyst SD-WAN Manager

19.1.0

Affected
Cisco
Cisco Catalyst SD-WAN Manager

18.4.302

Affected
Cisco
Cisco Catalyst SD-WAN Manager

18.4.303

Affected
Cisco
Cisco Catalyst SD-WAN Manager

19.2.097

Affected
Cisco
Cisco Catalyst SD-WAN Manager

19.2.098

Affected
Cisco
Cisco Catalyst SD-WAN Manager

17.2.10

Affected
Cisco
Cisco Catalyst SD-WAN Manager

18.3.6.1

Affected
Cisco
Cisco Catalyst SD-WAN Manager

19.0.1a

Affected
Cisco
Cisco Catalyst SD-WAN Manager

18.2.0

Affected
Cisco
Cisco Catalyst SD-WAN Manager

18.4.3

Affected
Cisco
Cisco Catalyst SD-WAN Manager

18.4.1

Affected

CVE References

  • cisco-sa-sdwan-arbfw-c2rZvQ sec.cloudapps.cisco.com · CVE Record https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurity...

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.