Vulnerability intelligence

CVE-2026-20262 is identified as a directory or path traversal vulnerability affecting Cisco Catalyst SD-WAN Manager, previously known as SD-WAN vManage. This flaw stems from insufficient validation of user-supplied input during file uploads. An authenticated, remote attacker can exploit this by sending a specially crafted HTTP request to an affected API endpoint of the system. Successful exploitation of CVE-2026-20262 allows an attacker to create or overwrite any file on the underlying operating system. This capability can then be leveraged to elevate privileges to root. The vulnerability impacts all deployment types of Cisco Catalyst SD-WAN Manager, including on-premise, cloud-based, and government deployments.

CVE-2026-54420 identifies a vulnerability within the LiteSpeed cPanel plugin, affecting versions prior to 2.4.8, which are included in LiteSpeed WHM PlugIn versions before 5.3.2.0. This flaw stems from the plugin's inadequate handling of symbolic links (symlinks). The vulnerability can be leveraged by a user possessing FTP or web shell access on a shared hosting server that utilizes CloudLinux/CageFS. Through the manipulation of symlinks, an attacker could potentially access or execute arbitrary files located outside of their designated directories, a scenario categorized as a path traversal vulnerability (CWE-61). This issue was actively exploited in May 2026.

CVE-2026-27509 describes a vulnerability found in specific firmware versions of the Unitree Go2 robot. This flaw stems from the absence of DDS (Data Distribution Service) authentication or authorization for the `rt/api/programming_actuator/request` topic, which is managed by `actuator_manager.py`. As a result, a network-adjacent and unauthenticated attacker can connect to DDS domain 0. They can then publish a specially crafted message containing arbitrary Python code. This code is subsequently written to the robot's disk under `/unitree/etc/programming/` and linked to a physical controller keybinding. When this keybinding is activated, the injected code executes with root privileges and persists even after the robot reboots. The affected firmware versions include V1.1.7 through V1.1.9, and V1.1.11 (EDU).

A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.

CVE-2026-54420 identifies a vulnerability within the LiteSpeed cPanel plugin, affecting versions prior to 2.4.8, which are included in LiteSpeed WHM PlugIn versions before 5.3.2.0. This flaw stems from the plugin's inadequate handling of symbolic links (symlinks). The vulnerability can be leveraged by a user possessing FTP or web shell access on a shared hosting server that utilizes CloudLinux/CageFS. Through the manipulation of symlinks, an attacker could potentially access or execute arbitrary files located outside of their designated directories, a scenario categorized as a path traversal vulnerability (CWE-61). This issue was actively exploited in May 2026.

CVE-2026-20262 is identified as a directory or path traversal vulnerability affecting Cisco Catalyst SD-WAN Manager, previously known as SD-WAN vManage. This flaw stems from insufficient validation of user-supplied input during file uploads. An authenticated, remote attacker can exploit this by sending a specially crafted HTTP request to an affected API endpoint of the system. Successful exploitation of CVE-2026-20262 allows an attacker to create or overwrite any file on the underlying operating system. This capability can then be leveraged to elevate privileges to root. The vulnerability impacts all deployment types of Cisco Catalyst SD-WAN Manager, including on-premise, cloud-based, and government deployments.