CVE-2026-20262
Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability
In short
A flaw in Cisco Catalyst SD-WAN Manager's file upload feature allows an authenticated attacker to create or overwrite files on the system. An attacker with login credentials could exploit this to compromise the system and potentially gain full control.
Technical detail
Path traversal vulnerability in the web UI's file upload API endpoint that fails to validate user-supplied input. An authenticated attacker can craft a malicious HTTP request to write arbitrary files to the filesystem, potentially enabling privilege escalation to root. Requires valid credentials (minimum low-privileged user account).
Summary generated and translated by AI from the official description.
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system.
This vulnerability exists because the affected software does not properly validate user-supplied input during a file upload process. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system. A successful exploit could allow the attacker to create or overwrite any file on the underlying operating system. This file could later be used to elevate to root. To exploit this vulnerability, the attacker must have valid credentials with at least a lower-privileged, single-task user account.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected products
Cisco · Cisco Catalyst SD-WAN Managerpublic PoCs found — 2
githubgithub.com/fevar54/CVE-2026-20262-Cisco-Catalyst-SD-WAN-Manager-Arbitrary-File-Write-★ 1githubgithub.com/HORKimhab/CVE-2026-20262★ 0⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →