CISCO Security Advisory
Published Date: Not specified
CVE: CVE-2026-20245
Advisory Summary
📅 June 5, 2026
➤➤ SECURITY ALERT: High-Risk Privilege Escalation Vulnerability in Cisco Catalyst SD-WAN Manager
A critical vulnerability (CVE-2026-20245) has been identified in the CLI of Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage). This flaw allows a local attacker with netadmin privileges to execute arbitrary commands as the root user by uploading a specially crafted file, exploiting insufficient input validation. While exploitation requires valid credentials or prior exploitation of related vulnerabilities (CVE-2026-20182 or CVE-2026-20127), limited incidents have shown unauthorized configuration changes pushed to edge devices.
- Unauthorized root-level command execution
- Potential manipulation of network edge device configurations
- Exploitation dependent on prior access or credentials
🛠️ Recommended Actions:
- Before upgrading, run the “request admin-tech” command on control components to collect forensic data preserving possible indicators of compromise.
- Retain and review logs pre- and post-upgrade to detect any signs of system compromise.
- If compromise is confirmed, simply applying updates is insufficient; engage Cisco TAC for specialized remediation instructions.
- No workarounds exist for this vulnerability.
- Monitoring and verifying device configurations after upgrade is critical to ensure network integrity.
Proactive remediation will safeguard SD-WAN deployments from high-impact command injection and privilege escalation exploits.
-WAN -2026-20245
Reference: Vendor Advisory