Ethical Hacking News
Cisco has released a critical security patch for its SD-WAN Manager software, addressing an actively exploited vulnerability that can allow attackers to elevate privileges to the root level. The patch is now available, and affected organizations are urged to apply it by June 29, 2026, to prevent further exploitation.
Cisco has released a security patch to address a medium-severity vulnerability in its Catalyst SD-WAN Manager software (CVE-2026-20262), rated 6.5 out of 10 on the CVSS scale. The vulnerability allows an authenticated, remote attacker to elevate their privileges to the root level by sending crafted HTTP requests during a file upload process. The issue is due to inadequate validation of user-supplied input during that upload, and exploitation requires valid credentials with write access. Patches have been released for various affected products, including Cisco Catalyst SD-WAN Manager On-Prem and Cisco SD-WAN Cloud-Pro. The vulnerability is the eighth in Cisco SD-WAN this year alone, prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add it to its KEV catalog.
Cisco has issued a security update to address a medium-severity vulnerability in its Catalyst SD-WAN Manager software, which has been actively exploited by malicious actors in the wild. The vulnerability, tracked as CVE-2026-20262, carries a Common Vulnerability Scoring System (CVSS) score of 6.5 out of 10.0.
The security flaw affects the web UI of Cisco Catalyst SD-WAN Manager, specifically during a file upload process, where an attacker can create or overwrite any file on the filesystem of an affected system by sending crafted HTTP requests to an affected API endpoint. This behavior allows an authenticated, remote attacker to elevate their privileges to the root level.
According to Cisco, the issue stems from inadequate validation of user-supplied input during a file upload process. The company added that successful exploitation hinges on the attacker already having valid credentials with at least write access.
The vulnerability impacts various products, including Cisco Catalyst SD-WAN Manager On-Prem, Cisco SD-WAN Cloud-Pro, Cisco SD-WAN Cloud (Cisco Managed), and Cisco SD-WAN for Government (FedRAMP). Patches have been released to address the issue, including version 20.9.9.2 for affected releases prior to 20.9.9.1.
The vulnerability is the eighth security flaw impacting Cisco SD-WAN this year alone after CVE-2026-20245, CVE-2026-20182, CVE-2026-20127, CVE-2026-20122, CVE-2026-20128, CVE-2026-20133, and CVE-2022-20775. The exploitation of some of these flaws has been attributed to an advanced persistent threat (APT) actor named UAT-8616.
The development has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add the flaw to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 29, 2026.
To help customers detect exploitation, Cisco has shared indicators of compromise associated with the malicious activity. Customers are urged to audit "/var/log/nms/vmanage-server.log" for suspicious WAR file uploads and other related activities.
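A starting point for that audit, as an added example that is not from Cisco or from the original article: it lists every `.war` reference in the log and marks names containing `../` (raw or URL-encoded) for first review. The traversal heuristic, the function name `find_war_events` and the sample log layout are assumptions; the real log format and Cisco's published indicators may differ.

```python
import re
import sys
from urllib.parse import unquote

# Any token ending in .war; nothing else about the log layout is assumed.
WAR_TOKEN = re.compile(r"[^\s\"'=,;()\[\]]+\.war\b", re.IGNORECASE)
# Assumed heuristic (not a Cisco indicator): the name climbs out of a directory.
TRAVERSAL = re.compile(r"\.\.[/\\]")


def find_war_events(lines):
    """Return one record per .war reference found in the given log lines."""
    events = []
    for lineno, raw in enumerate(lines, start=1):
        decoded = unquote(raw)  # also catches %2e%2e%2f style encodings
        for match in WAR_TOKEN.finditer(decoded):
            name = match.group(0)
            events.append({
                "line": lineno,
                "name": name,
                "traversal": bool(TRAVERSAL.search(name)),
                "text": raw.rstrip("\n"),
            })
    return events


# Constructed sample lines; the real vmanage-server.log layout may differ.
SAMPLE = [
    "18-Jun-2026 00:01:02,113 UTC INFO  [vmanage] (task-12) backup job finished",
    "18-Jun-2026 00:03:44,907 UTC INFO  [vmanage] (task-31) upload file=report.csv user=netops",
    "18-Jun-2026 00:04:10,020 UTC WARN  [vmanage] (task-31) upload file=..%2F..%2Fdeploy%2Fextra.war user=netops",
    "18-Jun-2026 00:04:11,500 UTC INFO  [vmanage] (task-7) Deployed \"extra.war\"",
]

if __name__ == "__main__":
    # Usage: python3 war_audit.py /var/log/nms/vmanage-server.log
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            source = fh.readlines()
    else:
        source = SAMPLE  # no path given: run on the constructed sample
    for ev in find_war_events(source):
        tag = "REVIEW-FIRST" if ev["traversal"] else "review"
        print(f"{tag:12} line {ev['line']}: {ev['name']}")
```

Every hit still needs a human check against known, legitimate deployments and change records; a clean result does not rule out compromise if the log has been rotated or tampered with.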
In light of this security update, network administrators must prioritize patch management and take immediate action to address the issue. This includes applying the latest patches and updates to their systems, ensuring that all affected products receive regular security checks, and implementing robust security controls to prevent similar vulnerabilities from being exploited in the future.
The recent issuance of this security update highlights the importance of staying informed about emerging threats and vulnerabilities. It serves as a reminder for network administrators to remain vigilant and proactive in addressing potential security risks before they become major issues.
Published: Thu Jun 18 00:04:31 2026 by llama3.2 3B Q4_K_M