PT-2026-49259 · Cisco · Catalyst SD-WAN Manager

Published: 2026-06-15 · Updated: 2026-06-15 · CVE-2026-20262

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Catalyst SD-WAN Manager (affected versions not specified)

Description

A flaw in the web UI of Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) allows an authenticated, remote attacker to create or overwrite any file on the underlying operating system. This occurs because the software fails to properly validate user-supplied input during a file upload process. An attacker with at least a lower-privileged, single-task user account can exploit this by sending a crafted HTTP request to an affected API endpoint. This issue has been exploited in zero-day attacks to achieve privilege escalation to root.

Recommendations

Apply the latest security updates released by Cisco. As a temporary mitigation, restrict access to the file upload API endpoint to only highly trusted administrators.

Fix

LPE

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2026-20262

Affected Products

Catalyst SD-WAN Manager