Cisco Catalyst SD-WAN Manager Path Traversal Vulnerability CVE-2026-20262
CVE-2026-20262 is a path traversal vulnerability in the Web UI of Cisco Catalyst SD-WAN Manager that allows an authenticated remote attacker to create or overwrite arbitrary files on the underlying Linux operating system. By placing directory traversal sequences (e.g., ../) in HTTP requests, an attacker can escalate privileges to root and gain full control over the SD-WAN orchestration layer. This vulnerability is currently weaponized and is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Successful exploitation facilitates network-wide compromise, traffic redirection, and persistent backdoor installation through the modification of system binaries or startup scripts.
Cisco Catalyst SD-WAN Authentication Bypass Zero-Day
A critical authentication bypass vulnerability, tracked as CVE-2026-20182, has been identified in the peering authentication mechanism of the Cisco Catalyst SD-WAN Controller (formerly vSmart) and Catalyst SD-WAN Manager. Exploited in the wild by the sophisticated threat actor UAT-8616, this flaw allows an unauthenticated attacker to bypass security checks and gain unauthorized access to the SD-WAN infrastructure. The vulnerability carries a CVSS score of 10.0, the maximum, and can lead to full control plane compromise, which could enable large-scale interception or redirection of network traffic. Organizations are urged to apply the official Cisco patches immediately to prevent targeted exploitation and potential network-wide lateral movement or data exfiltration.