CVE-2026-20262

medium Cisco ⚠️ CISA KEV — Exploited in the Wild
CVSS v3 Base Score
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS Score
1.1%
Exploitation probability in 30 days
Top 37% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Confidentiality
None
Integrity
High
Availability
None
Published: June 15, 2026 (24 days ago)
Last Modified: June 17, 2026
Vendor: Cisco
Source: NVD

⚠️ CISA Known Exploited Vulnerability

Added to KEV: 2026-06-15
Remediation Due: 2026-06-29 (⚠ 10d overdue)

Description

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate user-supplied input during a file upload process. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system. A successful exploit could allow the attacker to create or overwrite any file on the underlying operating system. This file could later be used to elevate to root. To exploit this vulnerability, the attacker must have valid credentials with at least a lower-privileged, single-task user account.

CWE

CWE-22

Affected Products

cisco catalyst sd-wan manager

References