CVE-2026-20262
Awaiting Analysis - Queue
File Write Vulnerability in Cisco Catalyst SD-WAN Manager

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate user-supplied input during a file upload process. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system. A successful exploit could allow the attacker to create or overwrite any file on the underlying operating system. This file could later be used to elevate to root. To exploit this vulnerability, the attacker must have valid credentials with at least a lower-privileged, single-task user account.
Meta Information
Published: 2026-06-15
Last Modified: 2026-06-15
Generated: 2026-06-16
AI Q&A: 2026-06-15
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
cisco | catalyst_sd-wan_manager | *
CWE ID | Description
CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
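
The advisory does not disclose the affected endpoint or Cisco's fix, so the following is an added, generic illustration of the CWE-22 weakness class in an upload handler, not Cisco's code. All function names and sample file names are hypothetical and constructed for this example; POSIX paths are assumed.

```python
import os
import tempfile

class UnsafeUploadPath(ValueError):
    """Raised when a client-supplied name would resolve outside the upload root."""

def naive_target(upload_root, client_name):
    # The CWE-22 pattern: external input joined to the root with no neutralization.
    # os.path.join also discards upload_root entirely when client_name is absolute.
    return os.path.normpath(os.path.join(upload_root, client_name))

def safe_target(upload_root, client_name):
    # Resolve the root once so symlinks in the root itself do not skew the comparison.
    root = os.path.realpath(upload_root)
    if not client_name or "\x00" in client_name:
        raise UnsafeUploadPath("empty name or NUL byte")
    # Resolve the candidate (following symlinks, collapsing ".." segments) and
    # require that it still sits strictly under the resolved root.
    candidate = os.path.realpath(os.path.join(root, client_name))
    if os.path.commonpath([root, candidate]) != root or candidate == root:
        raise UnsafeUploadPath(f"{client_name!r} resolves outside {root}")
    return candidate

def audit(upload_root, names):
    """Return {name: (escapes_with_naive_join, accepted_by_safe_target)}."""
    root = os.path.realpath(upload_root)
    results = {}
    for name in names:
        naive = naive_target(root, name)
        escapes = os.path.commonpath([root, naive]) != root
        try:
            safe_target(root, name)
            accepted = True
        except UnsafeUploadPath:
            accepted = False
        results[name] = (escapes, accepted)
    return results

# Constructed sample names, not taken from the advisory.
SAMPLE_NAMES = ["report.csv", "sub/report.csv", "../../etc/placeholder",
                "/etc/placeholder", "sub/../../placeholder"]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp_root:
        for name, (escapes, accepted) in audit(tmp_root, SAMPLE_NAMES).items():
            print(f"{name!r:28} naive escapes: {escapes!s:5} safe accepts: {accepted}")
```

Because `safe_target` compares fully resolved paths, it also rejects names that pass through a symlink inside the upload root pointing elsewhere, which a check based on string normalization alone would miss.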
Executive Summary

CVE-2026-20262 is a vulnerability in the web UI of Cisco Catalyst SD-WAN Manager that allows an authenticated, remote attacker with lower-privileged credentials to create or overwrite any file on the filesystem of the affected system.

This happens because the software does not properly validate user-supplied input during a file upload process. An attacker can exploit this by sending a crafted HTTP request to a vulnerable API endpoint.

Successful exploitation could allow the attacker to create or modify files that might later be used to escalate privileges to root.

Impact Analysis

This vulnerability allows an attacker with valid but lower-privileged credentials to create or overwrite files on your system.

Such unauthorized file creation or modification could lead to privilege escalation, potentially giving the attacker root access to your system.

This could compromise the integrity and security of your system, leading to unauthorized control or disruption of services.

Mitigation Strategies

To mitigate this vulnerability, customers are strongly advised to upgrade to the fixed software versions released by Cisco that address this issue.

There are no available workarounds for this vulnerability, so applying the software update is the only effective immediate step.

Compliance Impact

The provided information does not specify how this vulnerability directly impacts compliance with common standards and regulations such as GDPR or HIPAA.
