CISA KEV Alert 6/15/2026, 7:41:19 PM

CISA adds Cisco SD-WAN Manager CVE-2026-20262 to KEV list

Cisco Catalyst SD-WAN Manager vulnerability (CVE-2026-20262) exploited in the wild
Primary source: cisa.gov
CISA KEV: listed
Patch status: unknown

On 15 June 2026 the Cybersecurity and Infrastructure Security Agency (CISA) added CVE‑2026‑20262 to its Known Exploited Vulnerabilities (KEV) catalogue. The flaw affects Cisco’s Catalyst SD‑WAN Manager product and is officially named the Cisco Catalyst SD‑WAN Manager Directory or Path Traversal Vulnerability. It allows an authenticated remote attacker to create or overwrite arbitrary files on the underlying filesystem.

The vulnerability is a directory traversal (path traversal) issue in the web‑based management interface of Catalyst SD‑WAN Manager. Exploitation requires valid credentials and can be performed over the network, enabling an attacker to write or replace files with the privileges of the application process. The Common Vulnerability Scoring System (CVSS) v3.1 scores the issue at 6.5, rated MEDIUM. At the time of publishing, Cisco has not released a public patch; the advisory notes that mitigations must be applied according to vendor guidance.

Because the entry appears in the KEV catalogue, CISA confirms that the vulnerability is being actively exploited in the wild. No public attribution to a ransomware campaign has been made for this CVE. Federal Civilian Executive Branch (FCEB) agencies must remediate the issue by 29 June 2026, the date CISA has set for compliance with Binding Operational Directive (BOD) 26‑04.

CISA’s required action is: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26‑04 Prioritizing Security Updates Based on Risk guidance and CISA’s “Forensics Triage Requirements”. Follow applicable BOD 26‑04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26‑04 patching guidelines.

While the directive binds FCEB agencies, all organisations should review their exposure to Catalyst SD‑WAN Manager and implement the advised mitigations promptly.

For full details, see the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2026-20262 and the CISA KEV catalogue.


Article by CyberSIXT
