Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw
Cisco has released security updates for CVE-2026-20262, a medium-severity vulnerability in the web UI of Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) that is being actively exploited in the wild. The issue can let an authenticated remote attacker abuse a file upload path-handling weakness to create or overwrite files on the device’s filesystem, which may be leveraged toward higher privileges depending on attacker access. The fix is available across multiple Cisco Catalyst SD-WAN releases, including Cisco Catalyst SD-WAN Release 20.9.9.2, 20.12.7.2, 20.15.4.5, 20.15.5.3, 20.18.3.1, and 26.1.1.2, covering Cisco Catalyst SD-WAN Manager On-Prem, Cisco SD-WAN Cloud-Pro, Cisco SD-WAN Cloud (Cisco Managed), and Cisco SD-WAN for Government (FedRAMP).