A critical vulnerability in Cisco's SD-WAN Manager, tracked as CVE-2026-20262, is under active attack, posing significant risks to affected systems. The flaw, which stems from inadequate validation of user input during file uploads, allows authenticated attackers to overwrite or create files on the system, potentially escalating to root access. All deployment types, including On-Prem, Cloud-Pro, and government installations, are affected. The flaw has a CVSS score of 6.5.
Cisco has confirmed ongoing exploitation, with indicators such as suspicious file uploads. Users are advised to immediately apply patches and restrict internet access to vulnerable systems.