Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw

Cisco released security updates this week for a medium-severity vulnerability in its Catalyst SD-WAN Manager software, identified as CVE-2026-20262. This flaw, which has a CVSS score of 6.5 out of 10.0, allows an authenticated, remote attacker to create or overwrite arbitrary files on the affected device. The vulnerability resides in the web user interface of Catalyst SD-WAN Manager, which was previously known as SD-WAN vManage. Cisco confirmed that the vulnerability is being actively exploited in the wild, though it did not specify the number of affected customers or the exact nature of the exploitation. The company has provided patches and workarounds to mitigate the risk for users of the affected software. Customers are advised to apply the updates as soon as possible to protect their networks from potential compromise. The advisory also details specific versions of Catalyst SD-WAN Manager that are vulnerable and the corresponding fixed versions.