CISCO Security Advisory
Published Date: June 9, 2026
CVE: CVE-2026-20182
Advisory Summary
A critical security flaw has been identified in the CLI interfaces of Cisco Catalyst SD-WAN Controller (formerly vSmart), Catalyst SD-WAN Manager (formerly vManage), and Catalyst SD-WAN Validator (formerly vBond). Authenticated local attackers with netadmin privileges can exploit insufficient input validation by uploading specially crafted files, allowing arbitrary command execution with root-level privileges.
- The vulnerability arises from improper validation of user inputs leading to possible command injection.
- Exploitation requires netadmin privileges, attainable either via valid credentials or prior exploitation of related vulnerabilities CVE-2026-20182 or CVE-2026-20127.
- Cisco has observed limited exploitation incidents resulting in unauthorized configuration changes on edge devices.
- No known alternative exploitation methods exist at this time.
- Immediate upgrade to fixed software releases as detailed in Cisco’s Catalyst SD-WAN Security Advisory issued on May 14, 2026.
- Collect diagnostic “admin-tech” files from all control components before patching to preserve potential indicators of compromise.
- Retain and analyze logs pre- and post-upgrade to detect any signs of compromise.
- In confirmed breach scenarios, software updates alone may be insufficient; Cisco TAC will provide targeted remediation guidance.
- No effective workarounds are available outside the prescribed updates.
This vulnerability carries a High security impact rating, urging urgent attention by network security and infrastructure teams managing Cisco Catalyst SD-WAN deployments. Proactive patch management combined with thorough incident investigation is essential to safeguard network integrity and prevent privilege escalation attacks.
-WAN -2026-20245
Reference: Vendor Advisory