securityaffairs.com 6/5/2026, 2:41:03 PM · external

Cisco SD-WAN Has a New Root-Level Problem, and There’s No Fix Yet

CyberSIXT Evidence Panel
CISA KEV: Not in KEV
Patch: Patch Status Unknown

Cisco has identified a significant privilege escalation vulnerability, tracked as CVE-2026-20245, in its Catalyst SD-WAN Manager. The flaw allows authenticated local attackers to execute arbitrary commands as the root user through a file upload command injection, and it carries a CVSS base score of 7.8. Currently, there is no patch or workaround available.

The vulnerability arises from insufficient validation of user input and requires netadmin privileges to exploit, obtainable via stolen credentials or previously disclosed vulnerabilities. Cisco's interim guidance emphasizes the necessity of checking control component logs before deploying any updates to ensure the system's integrity. The flaw affects all deployment models of Cisco Catalyst SD-WAN Manager, and the U.S. CISA has included this and other related vulnerabilities in its Known Exploited Vulnerabilities catalog.


Article by CyberSIXT
