Cisco has patched CVE-2026-20262 in Catalyst SD-WAN Manager after confirming it was exploited to escalate privileges to root. The flaw affects all deployment types and let authenticated attackers upload crafted files through an API to overwrite files and gain higher privileges; admins should review logs for index.jsp and .war upload attempts. #Cisco #CatalystSDWANManager #CVE-2026-20262
Keypoints
- Cisco fixed CVE-2026-20262 in Catalyst SD-WAN Manager after exploitation in the wild.
- The flaw affected all deployment types, including on-prem and Cisco-managed cloud versions.
- Attackers could send crafted HTTP requests to upload or overwrite files on the system.
- Successful exploitation could lead to root privilege escalation on the underlying operating system.
- Cisco advised admins to check logs for index.jsp and .war upload attempts.