CISCO has issued a warning regarding a zero-day vulnerability, tracked as CVE-2026-20262, affecting its Catalyst SD-WAN Manager. This medium-severity flaw allows attackers to exploit specially crafted HTTP requests to create or overwrite files on the operating system, posing a risk of elevating to root access if valid credentials are obtained. First discovered internally by Cisco, the vulnerability has been linked to limited and targeted exploitation since June 2026, likely by sophisticated threat actors.
CISA has added this vulnerability to its Known Exploited Vulnerabilities catalog, urging federal agencies to address it by June 29. This marks the eighth Cisco SD-WAN vulnerability detected in 2026.