216.73.216.170

CVE-2026-20262

· Published 15/06/2026 02:00 · Modified 16/06/2026 12:54 · Author: The MITRE Corporation

Labels: CVE-2026-20262 2026-06-15CVE-2026-20262CWE-22[email protected]

Essential information

Published
15/06/2026 02:00
Modified
16/06/2026 12:54
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
6.5 MEDIUM (v3.1)
CISA KEV
Yes
CWE
CWE-22
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS metrics

Description

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate user-supplied input during a file upload process. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system. A successful exploit could allow the attacker to create or overwrite any file on the underlying operating system. This file could later be used to elevate to root. To exploit this vulnerability, the attacker must have valid credentials with at least a lower-privileged, single-task user account.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
cisco / catalyst sd-wan manager cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*
cisco / catalyst sd-wan manager cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*
cisco / catalyst sd-wan manager cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*
cisco / catalyst sd-wan manager cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*
cisco / catalyst sd-wan manager cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*
cisco / catalyst sd-wan manager cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*

References

Relations

Type From To
has 1e5e758c-2dcf-483f-9c51-47c0e078b4ef CVE-2026-20262
has Catalyst SD-WAN Manager CVE-2026-20262