CISCO Security Advisory
Published Date: June 4, 2026
CVE: CVE-2026-20245
Advisory Summary
◈◈◈ High-Risk Privilege Escalation Vulnerability in Cisco Catalyst SD-WAN Manager ◈◈◈
A critical vulnerability (CVE-2026-20245) has been identified in the CLI of Cisco Catalyst SD-WAN Manager (previously SD-WAN vManage) that allows an authenticated, local attacker with netadmin privileges to escalate privileges to root by uploading a specially crafted file. The root cause is insufficient validation of user-supplied input, making the system susceptible to command injection attacks.
- Exploitation requires valid netadmin credentials or prior exploitation of related vulnerabilities (CVE-2026-20182, CVE-2026-20127).
- Cisco has seen limited cases where attackers changed configuration pushed to edge devices.
- No software patches addressing this vulnerability have yet been released.
- No known workarounds exist to mitigate this risk in the current software.
- Customers must urgently collect diagnostic information using the “request admin-tech” command on all control components to preserve indicators of compromise.
- Retain relevant logs before upgrading and verify post-upgrade logs for signs of compromise.
- If systems show signs of compromise, applying the update alone will not be sufficient; coordinate closely with Cisco Technical Assistance Center (TAC) for full remediation.
This vulnerability carries a high security impact rating and demands immediate attention from SD-WAN operators and security teams to avoid unauthorized root-level access and potential network compromise.
-WAN -2026-20245
Reference: Vendor Advisory