CISCO Security Advisory
Published Date: June 11, 2026
CVE: CVE-2026-20245
Advisory Summary
❗️⚠️ Cisco Catalyst SD-WAN Privilege Escalation Vulnerability — Immediate Action Required ⚠️❗️
A critical vulnerability (CVE-2026-20245) has been identified in the CLI of Cisco Catalyst SD-WAN Controller (formerly vSmart), Catalyst SD-WAN Manager (formerly vManage), and Catalyst SD-WAN Validator (formerly vBond). This flaw allows an authenticated local attacker with netadmin privileges to escalate to root-level command execution by uploading a specially crafted file. The root cause is inadequate validation of user-supplied input leading to possible command injection.
- Exploitation requires netadmin credentials or prior exploitation of related vulnerabilities CVE-2026-20182 or CVE-2026-20127.
- Cisco has detected limited incidents where attackers used this vulnerability to alter edge device configurations.
- No available workarounds; patching is mandatory for mitigation.
- High security impact rating reflecting potential full system compromise.
- Immediately collect “admin-tech” files from all control components in your SD-WAN environment to preserve forensic evidence.
- Upgrade to the latest patched software releases as documented in Cisco’s May 14, 2026 security advisory.
- Thoroughly audit logs post-upgrade for any indicators of compromise.
- If compromise is confirmed, coordinate with Cisco TAC for tailored remediation beyond patch application.
This vulnerability poses a significant threat to SD-WAN infrastructure integrity, and operators must prioritize swift patch deployments and proactive system audits to prevent exploitation and potential configuration manipulation of edge devices.
-WAN -2026-20245
Reference: Vendor Advisory