Cisco Security Advisory
Published Date: June 10, 2026
CVE: CVE-2026-20245
Advisory Summary
Cisco has disclosed a critical vulnerability (CVE-2026-20245) in the CLI of its Catalyst SD-WAN Controller (previously SD-WAN vSmart), Catalyst SD-WAN Manager (previously SD-WAN vManage), and Catalyst SD-WAN Validator (previously SD-WAN vBond). This weakness allows an authenticated local attacker with netadmin privileges to execute arbitrary commands as root by uploading a crafted file — essentially enabling privilege escalation through command injection due to insufficient input validation.
- Exploitation requires the attacker to have netadmin privileges, obtained either via valid credentials or by leveraging vulnerabilities CVE-2026-20182 or CVE-2026-20127.
- Cisco has detected limited instances of exploitation resulting in unauthorized configuration changes pushed to edge devices.
- No known successful exploitation from other attack vectors at this time.
- Immediately upgrade to fixed software releases as outlined in Cisco’s May 14, 2026, Catalyst SD-WAN Security Advisory.
- Prior to upgrade, generate and collect the admin-tech file from all SD-WAN control components to preserve forensic indicators.
- Retain and review logs for signs of compromise both before and after patching.
- In confirmed compromises, software updates alone are insufficient; engage Cisco TAC for detailed remediation.
⚠️ No workarounds are available beyond applying the update and following Cisco’s guidance.
This vulnerability poses a serious risk to SD-WAN infrastructure integrity and security posture. Organizations deploying Cisco Catalyst SD-WAN solutions should prioritize patching and thorough log validation to detect and mitigate exploitation.
Reference: Vendor Advisory