CVE-2026-20245

Name of the Vulnerable Software and Affected Versions Cisco Catalyst SD-WAN Manager (affected versions not specified)

Description A flaw in the command-line interface (CLI) of Cisco Catalyst SD-WAN Manager, formerly known as SD-WAN vManage, allows an authenticated local attacker to execute arbitrary commands with root privileges. This issue is caused by insufficient validation of user-supplied input, enabling command injection attacks when a crafted file is uploaded to the system. To exploit this, an attacker must possess netadmin privileges, which could be obtained through valid credentials or other exploits. There have been limited real-world incidents where this exploitation resulted in configuration changes being pushed to edge devices.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. Restrict management access using VPN, Zero Trust architectures, IP allowlisting, and Multi-Factor Authentication (MFA). Limit file upload capabilities to trusted administrators only. Review logs for suspicious uploads, command execution, new account creation, and configuration changes. Rotate credentials, API keys, and automation tokens if a compromise is suspected. Monitor for lateral movement, abnormal outbound traffic, and unauthorized access across connected sites.