PT-2026-46400 · Cisco · Catalyst Sd-Wan Manager
Published 2026-06-04 · Updated 2026-06-05 · CVE-2026-20245
| CVSS v3.1 | 7.8 High |
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Cisco Catalyst SD-WAN Manager (affected versions not specified)
Description
Insufficient validation of user-supplied input in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, allows an authenticated local attacker with netadmin privileges to execute arbitrary commands as root. This is achieved by uploading a crafted file to the system, leading to command injection and privilege escalation. Limited cases have been observed where this issue resulted in configuration changes being pushed to edge devices.
Recommendations
Upgrade to the fixed software documented in the advisory published on May 14, 2026, and verify the configuration of the edge devices.
Fix
Improper Encoding or Escaping of Output
Weakness Enumeration
Related Identifiers
Affected Products
Catalyst Sd-Wan Manager