{"id":273767,"date":"2026-06-15T13:12:00","date_gmt":"2026-06-15T17:12:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/15\/cisco-fixes-sd-wan-vmanage-flaw-exploited-in-zero-day-attacks\/"},"modified":"2026-06-15T15:20:43","modified_gmt":"2026-06-15T19:20:43","slug":"cisco-fixes-sd-wan-vmanage-flaw-exploited-in-zero-day-attacks","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/15\/cisco-fixes-sd-wan-vmanage-flaw-exploited-in-zero-day-attacks\/","title":{"rendered":"Cisco fixes SD-WAN vManage flaw exploited in zero-day attacks"},"content":{"rendered":"

Cisco fixes SD-WAN vManage flaw exploited in zero-day attacks<\/a><\/p>\n

https:\/\/www.bleepingcomputer.com\/news\/security\/cisco-fixes-sd-wan-vmanage-flaw-exploited-in-zero-day-attacks\/<\/a><\/p>\n

Publish Date: 2026-06-15 13:12:00<\/a><\/p>\n

Source Domain: www.bleepingcomputer.com<\/a><\/p>\n

\n

Cisco has released security updates to address a vulnerability in the Catalyst SD-WAN Manager, tracked as CVE-2026-20262, that was exploited in attacks to escalate to root privileges.<\/p>\n

Formerly known as SD-WAN vManage, this network management software allows admins to manage up to 6,000 SD-WAN devices from a single dashboard.<\/p>\n

The now-patched zero-day security flaw affects all deployment types, regardless of device configuration, including on-prem deployments, Cisco SD-WAN Cloud-Pro, Cisco SD-WAN Cloud (Cisco Managed), and Cisco SD-WAN for Government (FedRAMP).<\/p>\n

\"image\"<\/p>\n

Cisco said the issue stems from insufficient validation of user-supplied input during file uploads, which can allow low-privilege remote attackers to execute arbitrary commands as root by sending crafted HTTP requests to an affected API endpoint.<\/p>\n

“A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system,” Cisco said in a Monday advisory.<\/p>\n

“An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system. A successful exploit could allow the attacker to create or overwrite any file on the underlying operating system. This file could later be used to elevate to root.”<\/p>\n

Cisco said its Product Security Incident Response Team (PSIRT) became aware of the exploitation of CVE-2026-20262 earlier this month and “strongly” advised customers to patch their systems.<\/p>\n\n\n\n\n\n\n\n\n
Cisco Catalyst SD-WAN Release<\/th>\nFirst Fixed Release<\/th>\n<\/tr>\n
20.9.9.1 and earlier<\/td>\n20.9.9.2<\/td>\n<\/tr>\n
20.12.7.1 and earlier<\/td>\n20.12.7.2<\/td>\n<\/tr>\n
20.15.4.4 and earlier<\/td>\n20.15.4.5<\/td>\n<\/tr>\n
20.15.5.2 and earlier<\/td>\n20.15.5.3<\/td>\n<\/tr>\n
20.18.3<\/td>\n20.18.3.1<\/td>\n<\/tr>\n
26.1.1.1 and earlier<\/td>\n26.1.1.2<\/td>\n<\/tr>\n<\/table>\n

While the company did not share any details on these attacks, it shared indicators of compromise (IOCs) warning admins to check their SD-WAN…<\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Cisco fixes SD-WAN vManage flaw exploited in zero-day attacks https:\/\/www.bleepingcomputer.com\/news\/security\/cisco-fixes-sd-wan-vmanage-flaw-exploited-in-zero-day-attacks\/ Publish Date: 2026-06-15 13:12:00 Source…<\/p>\n","protected":false},"author":1,"featured_media":273768,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.bleepstatic.com\/content\/hl-images\/2024\/07\/18\/Cisco.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[31,27],"class_list":["post-273767","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/273767"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=273767"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/273767\/revisions"}],"predecessor-version":[{"id":273769,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/273767\/revisions\/273769"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/273768"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=273767"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=273767"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=273767"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}