430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

CVE-2026-20262: CISCO Catalyst SD-WAN Flaw Under Active Targeted Exploitation

Cisco warned that CVE-2026-20262, a Catalyst SD-WAN Manager vulnerability allowing arbitrary file writes, is being actively exploited. Cisco confirmed active exploitation of CVE-2026-20262, an arbitrary file write vulnerability affecting Catalyst SD-WAN Manager. CVE-2026-20262 (CVSS score of 6.5) is an arbitrary file write vulnerability in the web interface of Cisco Catalyst SD-WAN Manager. The flaw is […]

Cisco Catalyst

Cisco warned that CVE-2026-20262, a Catalyst SD-WAN Manager vulnerability allowing arbitrary file writes, is being actively exploited.

Cisco confirmed active exploitation of CVE-2026-20262, an arbitrary file write vulnerability affecting Catalyst SD-WAN Manager.

CVE-2026-20262 (CVSS score of 6.5) is an arbitrary file write vulnerability in the web interface of Cisco Catalyst SD-WAN Manager. The flaw is caused by improper validation of user-supplied input during file uploads, allowing an authenticated remote attacker to create or overwrite files on the underlying operating system through a crafted HTTP request.

A successful attack could enable further privilege escalation to root. Exploitation requires valid credentials for a low-privileged user account.

“A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system.” reads the advisory. “This vulnerability exists because the affected software does not properly validate user-supplied input during a file upload process. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system. A successful exploit could allow the attacker to create or overwrite any file on the underlying operating system. This file could later be used to elevate to root. To exploit this vulnerability, the attacker must have valid credentials with at least write access.”

Successful exploitation could enable further compromise of affected systems, prompting Cisco to urge customers to apply available fixes.

Cisco PSIRT has observed limited exploitation of the vulnerability since June 2026 and strongly urges customers to upgrade to a patched software version to mitigate the risk.

The company did not disclose technical details about the attacks exploiting the flaw; however, the networking giant mentioned that CVE-2026-20262 has been exploited in limited attacks, suggesting a highly targeted operation by a sophisticated threat actor. 

This week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Cisco Catalyst issue to its Known Exploited Vulnerabilities (KEV) catalog ordering federal agencies to fix it by June 29, 2026.

Last week, the U.S. Cybersecurity and Infrastructure Security Agency added another Cisco Catalyst SD-WAN issue, tracked as CVE-2026-20245 (CVSS score v4.0 of 7.1), to its Known Exploited Vulnerabilities (KEV) catalog.

Other vulnerabilities in Cisco SD-WAN discovered this year are CVE-2026-20122CVE-2026-20127CVE-2026-20128, CVE-2026-20133, CVE-2022-20775, and CVE-2026-20182.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CISCO Catalyst SD-WAN)