Cyber Resilience

CVE-2026-20262

Medium · CISA KEV · Active Exploitation

Published: 15 June 2026

Modified: 17 June 2026
KEV Added: 15 June 2026
Patch
CVSS Score (v3.1): 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
EPSS Score: 0.0768 (93.9th percentile)
Risk Priority: 100 (floored blend · peak EPSS)

Summary

CVE-2026-20262 is a medium-severity Path Traversal (CWE-22) vulnerability in Cisco Catalyst SD-WAN Manager. Its CVSS base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks in the top 6.1% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

Vulnerability details

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate user-supplied input during a file upload process. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system. A successful exploit could allow the attacker to create or overwrite any file on the underlying operating system. This file could later be used to elevate to root. To exploit this vulnerability, the attacker must have valid credentials with at least a lower-privileged, single-task user account.

CWE(s): CWE-22
KEV Date Added: 15 June 2026

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Path traversal in authenticated file upload enables arbitrary file write for root privilege escalation on the appliance.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

Affected Assets

cisco
catalyst sd-wan manager
≤ 20.9.9.2 · 20.10 — 20.12.7.2 · 20.13 — 20.15.4.5

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.
