CVE-2026-20245 – Cisco Catalyst SD-WAN
“When management systems can be manipulated, attackers can turn routine administration into a path to root access.”
Cisco patched two vulnerabilities affecting Catalyst SD-WAN components. CVE-2026-20262 has a CVSS score of 6.5, which is Medium severity. CVE-2026-20245 has a CVSS score of 7.8, which is High severity.
CVE-2026-20262 affects Cisco Catalyst SD-WAN Manager and allows an authenticated attacker to create or overwrite arbitrary files through improper validation during file uploads. The vulnerability could be leveraged to elevate privileges and obtain root access. CVE-2026-20245 affects Catalyst SD-WAN Controller, Manager, and Validator components and allows a privileged attacker to execute arbitrary commands as root through a crafted file upload. Successful exploitation can lead to command execution and full control of the affected system.
Active exploitation has been reported for both vulnerabilities. Cisco has observed limited exploitation of CVE-2026-20245 resulting in configuration changes being pushed to edge devices.
Key Details
- Affected Product
- Cisco Catalyst Sd-wan Manager
- Attack Vector
- Local
- Attack Complexity
- Low
- Privileges Required
- Low
- User Interaction
- None
- CWE Classification
- CWE-116