Cisco SD-WAN make-me-root bug under attack

Second Catalyst SD-WAN Manager flaw exploited as an 0-day this month

Cisco today issued a fix for a Catalyst SD-WAN Manager bug that attackers have already spotted and exploited to get root privileges, according to both the networking vendor and the feds.

The vulnerability, tracked as CVE-2026-20262, is in the web UI of Cisco Catalyst SD-WAN Manager, and exists because the software is not properly validating user-supplied input during a file upload process.

“An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system,” the vendor warned in a Monday security advisory. “A successful exploit could allow the attacker to create or overwrite any file on the underlying operating system. This file could later be used to elevate to root.”

There is one caveat: to exploit this bug, the attacker must have valid credentials with at least a lower-privileged, single-task user account. 

That probably explains the medium-severity, 6.8 CVSS rating for this bug.

Still, valid credentials aren’t hard to come by these days, and considering this CVE is already under attack, we know someone had some success. 

“In June 2026, the Cisco PSIRT became aware of limited exploitation of this vulnerability,” the security alert said. “Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability.”

The flaw affects all deployment types, regardless of device configuration. There are no workarounds, but upgrading to a fixed software version will patch the flaw.

Also on Monday, the US Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-20262 to its Known Exploited Vulnerabilities catalog, citing “evidence of active exploitation.” America’s lead cyber-defense agency also set a two-week deadline for all federal agencies to apply the patch.

This latest Cisco SD-WAN bug under attack comes less than two weeks after Switchzilla warned that a high-severity vulnerability in Catalyst SD-WAN Manager (CVE-2026-20245) was under active exploitation. At the time of disclosure, this SD-WAN vuln did not have a fix.

Cisco issued an advisory for that zero-day on June 4, and finally released patches for all affected versions on June 12.

This is the eighth Cisco SD-WAN bug to be listed in CISA’s Known Exploited Vulnerabilities catalog so far this year.


