CVE-2026-20262

KEV Medium · CVSS 6.5

Cisco Catalyst SD-WAN Manager (SD-WAN vManage) — Path Traversal / Arbitrary File Write (CWE-22)

CVSS: 6.5; nvd
EPSS: 1.74%; 75th pct
KEV: Listed; 2026-06-15
Class: other; CWE-22

Description

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate user-supplied input during a file upload process. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system. A successful exploit could allow the attacker to create or overwrite any file on the underlying operating system. This file could later be used to elevate to root. To exploit this vulnerability, the attacker must have valid credentials with at least a lower-privileged, single-task user account.

Search profile — drives PoC discovery

Symbols file uploadAPI endpointcrafted HTTP requestfile overwriteprivilege escalation to rootsingle-task user accountlower-privileged user

Keywords CVE-2026-20262Cisco SD-WAN ManagervManagepath traversalarbitrary file writefile upload vulnerabilitySD-WAN vManage PoCcisco-sa-sdwan-arbfw-c2rZvQCatalyst SD-WAN Manager exploitauthenticated file overwrite

Versions: <UNKNOWN>

Candidate PoCs (1) — discovered, not yet vetted or ranked

HORKimhab/CVE-2026-20262
nomi_sec

★ 0

Recall-favoring discovery (nomi-sec + trickest). Vetting + ranking is the Stage-4 scorer.

References

Status: enriched · ingested 2026-06-16T18:00:52.000Z · profiled 2026-06-16T18:19:23.017Z