File Upload Vulnerability in Cisco Catalyst SD-WAN Manager
CVE-2026-20262

6.5 MEDIUM

Key Information:

Vendor: Cisco

CVE Published: 15 June 2026

Badges

📈 Score: 131 · 👾 Exploit Exists · 📰 News Worthy

What is CVE-2026-20262?

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager enables an authenticated remote attacker to create or overwrite files on the system's filesystem. This issue arises from inadequate validation of user inputs during file uploads. An attacker, using a crafted HTTP request directed at the system's vulnerable API endpoint, could exploit this flaw if they possess valid credentials for at least a lower-privileged, single-task user account. Successful exploitation may allow the attacker to overwrite critical files, potentially leading to unauthorized access and further exploitation of the underlying operating system.

Affected Version(s)

Cisco Catalyst SD-WAN Manager 20.1.12

Cisco Catalyst SD-WAN Manager 19.2.1

Cisco Catalyst SD-WAN Manager 18.4.4

News Articles

Cisco fixes SD-WAN vManage flaw exploited in zero-day attacks

Cisco has released security updates to address a vulnerability in the Catalyst SD-WAN Manager, tracked as CVE-2026-20262, that was exploited in attacks to escalate to root privileges.

4 hours ago

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • 📰 First article discovered by BleepingComputer

  • Vulnerability published

  • Vulnerability Reserved