Cisco Patches Another SD-WAN Zero-Day Exploited in Attacks

Cisco recently became aware of the exploitation of CVE-2026-20262, a Catalyst SD-WAN Manager zero-day that allows arbitrary file write.

martedì 16 giugno 2026 New tab

433 words~2 min read

Cisco on Monday warned customers about yet another SD-WAN product zero-day exploited in attacks.

The flaw, tracked as CVE-2026-20262, has been described as a medium-severity arbitrary file write issue affecting Catalyst SD-WAN Manager.

An attacker can send specially crafted HTTP requests to an affected API endpoint to create or overwrite any file on the underlying operating system.

“This file could later be used to elevate to root,” Cisco explained, adding, “To exploit this vulnerability, the attacker must have valid credentials with at least write access.”

Cisco said it discovered the vulnerability internally and became aware of its exploitation in June 2026.

Cisco Patches Another SD-WAN Zero-Day Exploited in Attacks

Cisco Patches Another SD-WAN Zero-Day Exploited in Attacks

Other newsrooms on this story

Related reading

Cisco warns of unpatched SD-WAN zero-day exploited in attacks

Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks

Cisco fixes SD-WAN vManage flaw exploited in zero-day attacks

Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw

Cisco SD-WAN make-me-root bug under attack

Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026

Other newsrooms on this story

Related reading

Cisco warns of unpatched SD-WAN zero-day exploited in attacks

Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks

Cisco fixes SD-WAN vManage flaw exploited in zero-day attacks

Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw

Cisco SD-WAN make-me-root bug under attack

Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026