Free practical cybersecurity guidance for organisations without a security team.
hello@actionsoncyber.com
← Back to Vulnerability Briefs

Important Security Update for Cisco Catalyst SD-WAN Manager

A security weakness has been found in Cisco Catalyst SD-WAN Manager that could let an attacker with some access create or change files on the system. This flaw is actively being exploited, so it’s important for organisations using this software to act quickly to reduce risk.

16 June 2026

Reference: CVE-2026-20262

1. What is being reported?

The issue is with the web interface of Cisco Catalyst SD-WAN Manager. If someone with valid login details sends a specially crafted request, they could overwrite or create files on the system. This could allow them to gain higher-level control over the system later.

2. What this means in plain English

If your organisation uses this Cisco software and someone with low-level access is compromised, an attacker could take advantage to gain full control. This could lead to serious security problems, including data loss or disruption of your network.

3. Could this affect a small business?

Small businesses or charities using Cisco Catalyst SD-WAN Manager could be affected, especially if the system is accessible remotely and user accounts exist with some access rights. Organisations not using this product or without remote access are unlikely to be affected.

4. What to do now

  • Check if your organisation uses Cisco Catalyst SD-WAN Manager and confirm the software version with your IT provider.
  • Ask your IT provider to apply the latest security updates or mitigations recommended by Cisco immediately.
  • Ensure that user accounts have only the minimum access needed and review who has login credentials.
  • If you use cloud services for this product, confirm with your provider that they are following current security guidance or consider discontinuing use if mitigations are not available.

5. Ask your IT provider

Can you confirm if our Cisco Catalyst SD-WAN Manager system is updated to fix the recent file overwrite vulnerability (CVE-2026-20262) and what steps have been taken to protect us?

6. Bottom line

If you use Cisco Catalyst SD-WAN Manager, act quickly to update and secure it to prevent attackers from gaining control.

Information based on CISA KEV, NVD and multiple reputable security reports.

Back to Vulnerability Briefs