Path traversal in Catalyst SD-WAN Manager (formerly SD-WAN vManage) - CVE-2026-20262

 


Published: June 16, 2026


Vulnerability identifier: #VU134581
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:A/U:Amber
CVE-ID: CVE-2026-20262
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: The vulnerability is being exploited in the wild
Vendor: Cisco Systems, Inc
Affected software:
Catalyst SD-WAN Manager (formerly SD-WAN vManage)

Detailed vulnerability description

The vulnerability allows a remote user to create or overwrite arbitrary files on the filesystem.

The vulnerability exists due to path traversal in the web UI file upload process when handling file upload requests to an affected API endpoint. A remote user can send a crafted HTTP request to create or overwrite arbitrary files on the filesystem.

A created or overwritten file could later be used to elevate privileges to root.

Note: the vulnerability is being actively exploited in the wild.
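The class of flaw described above is an upload handler that trusts a client-supplied file name. The following is an added defensive illustration, not Cisco's code and not taken from the advisory, showing that pattern beside a hardened form. All function names, the upload root and the sample file names are assumptions constructed for the example.

```python
import os
import tempfile
from pathlib import Path


class UnsafeUploadName(ValueError):
    """Raised when a client-supplied file name would leave the upload root."""


def naive_destination(upload_root: Path, client_name: str) -> Path:
    # Weak form (CWE-22): the client-controlled name is joined unchecked, so
    # "../" segments or an absolute path select a location outside the root.
    return Path(os.path.normpath(upload_root / client_name))


def safe_destination(upload_root: Path, client_name: str) -> Path:
    # Hardened form: resolve symlinks and ".." first, then require the result
    # to sit strictly below the resolved upload root (the root itself fails).
    root = upload_root.resolve()
    candidate = (root / client_name).resolve()
    if root not in candidate.parents:
        raise UnsafeUploadName(repr(client_name))
    return candidate


def store_upload(upload_root: Path, client_name: str, data: bytes) -> Path:
    dest = safe_destination(upload_root, client_name)
    dest.parent.mkdir(parents=True, exist_ok=True)
    # O_EXCL refuses to overwrite an existing file; O_NOFOLLOW refuses a
    # symlink planted as the final path component.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(dest, flags, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return dest


def demo() -> dict:
    # Constructed sample names (assumptions); none come from the advisory.
    names = ["report.csv", "sub/notes.txt", "../outside.txt",
             "/constructed/abs.txt", "a/../../up.txt"]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name in names:
            try:
                store_upload(Path(tmp), name, b"x")
                results[name] = "stored"
            except UnsafeUploadName:
                results[name] = "rejected"
    return results
```

The containment check addresses the "create" half of the impact, and the exclusive-create flag addresses the "overwrite" half.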


How to mitigate CVE-2026-20262

Install the security update from the vendor's website.
