AI description
CVE-2026-20262 is identified as a directory or path traversal vulnerability affecting Cisco Catalyst SD-WAN Manager, previously known as SD-WAN vManage. This flaw stems from insufficient validation of user-supplied input during file uploads. An authenticated, remote attacker can exploit this by sending a specially crafted HTTP request to an affected API endpoint of the system. Successful exploitation of CVE-2026-20262 allows an attacker to create or overwrite any file on the underlying operating system. This capability can then be leveraged to elevate privileges to root. The vulnerability impacts all deployment types of Cisco Catalyst SD-WAN Manager, including on-premise, cloud-based, and government deployments.
- Description
- A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate user-supplied input during a file upload process. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system. A successful exploit could allow the attacker to create or overwrite any file on the underlying operating system. This file could later be used to elevate to root. To exploit this vulnerability, the attacker must have valid credentials with at least a lower-privileged, single-task user account.
- Source
- psirt@cisco.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
- Severity
- MEDIUM
Data from CISA
- Vulnerability name
- Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability
- Exploit added on
- Jun 15, 2026
- Exploit action due
- Jun 29, 2026
- Required action
- Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- psirt@cisco.com
- CWE-22
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
6
CISAが既知の悪用された脆弱性2件をカタログに追加 CVE-2026-20262 Cisco Catalyst SD-WAN Managerのディレクトリまたはパスのトラバーサル脆弱性 CVE-2026-54420 LiteSpeed cPanelプラグインのUNIXシンボリックリンク(Symlink)の
@foxbook
16 Jun 2026
77 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Oh cPanel servers about to be hacked? Update asap or remove LiteSpeed cPanel Plugin. CVE-2026-20262 Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability CVE-2026-54420 LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability
@zerotalktoai
15 Jun 2026
47 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added Cisco Catalyst SD-WAN Manager vulnerability CVE-2026-20262 and LiteSpeed cPanel Plugin vulnerability CVE-2026-54420 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cyber
@CISACyber
15 Jun 2026
2914 Impressions
6 Retweets
13 Likes
3 Bookmarks
1 Reply
0 Quotes