Cisco Patches Another SD-WAN Zero-Day Exploited in Attacks

https://www.securityweek.com/wp-content/uploads/2024/07/Cisco-switches-network.jpeg

Network Security

Cisco recently became aware of the exploitation of CVE-2026-20262, a Catalyst SD-WAN Manager zero-day that allows arbitrary file write.

Cisco on Monday warned customers about yet another SD-WAN product zero-day exploited in attacks.

The flaw, tracked as CVE-2026-20262, has been described as a medium-severity arbitrary file write issue affecting Catalyst SD-WAN Manager.

An attacker can send specially crafted HTTP requests to an affected API endpoint to create or overwrite any file on the underlying operating system.

“This file could later be used to elevate to root,” Cisco explained, adding, “To exploit this vulnerability, the attacker must have valid credentials with at least write access.”

Cisco said it discovered the vulnerability internally and became aware of its exploitation in June 2026.

It’s unclear whether CVE-2026-20262 has been chained with other vulnerabilities or whether the attackers abused compromised credentials.

Advertisement. Scroll to continue reading.

There does not appear to...

Copyright of this story solely belongs to securityweek.com. To see the full text click HERE

Read more