criticalCISA KEVCVE-2026-20262

Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability

Cisco Catalyst SD-WAN Manager contains a directory or path traversal vulnerability that could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system.

ProductCatalyst SD-WAN Manager
CVSS6.5
EPSS0.07683
UpdatedJuly 9, 2026

Quick answer

Cisco Catalyst SD-WAN Manager should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.

Who is affected

Affected versions

  • Review vendor advisory for affected versions.

Fixed versions

  • Apply the latest vendor-supported patched version.

How to fix it

Cisco Catalyst SD-WAN Manager is affected by a path traversal vulnerability that may allow an authenticated remote attacker to create or overwrite files. Upgrade to the Cisco fixed release, restrict management access, and inspect the filesystem and configuration for unauthorized changes. Because arbitrary file writes can support later compromise, treat exposed deployments as high priority.

  1. Inventory all Cisco Catalyst SD-WAN Manager and former vManage systems and record version, role, and exposure.
  2. Check each deployment against the Cisco advisory for CVE-2026-20262 and identify affected software versions.
  3. Upgrade to the Cisco fixed release or apply the vendor-supported mitigation while scheduling the upgrade.
  4. Restrict SD-WAN Manager web and API access to trusted admin networks and enforce MFA where available.
  5. Inspect filesystem paths, uploaded files, templates, logs, and configuration backups for unexpected file creation or overwrite events.
  6. Rotate administrator credentials, API tokens, SSH keys, and device integration credentials if suspicious file writes are found.
  7. Restore from trusted backups or redeploy from clean images if unauthorized files or persistence are discovered.

Scan now. Google sign-in is only needed to unlock fix guidance.

Verify the fix

  • Confirm the running Cisco SD-WAN Manager version is fixed for CVE-2026-20262.
  • Verify management and API endpoints are inaccessible from untrusted networks.
  • Review audit logs and filesystem evidence for path traversal attempts or unauthorized writes.
  • Test SD-WAN policy, template, and device synchronization workflows after the upgrade.
  • Run a Fixnx scan and confirm SD-WAN Manager administration is not publicly exposed.

Related categories

Trusted references

FAQ

What is affected by CVE-2026-20262?

Cisco Catalyst SD-WAN Manager should be checked against the vendor advisory and trusted references linked on this page.

What should I fix first?

Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.

How do I confirm the fix worked?

Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.

Why can this risk appear in multiple categories?

A vulnerability can belong to more than one platform or ecosystem. Fixnx keeps one canonical risk page while also listing it in every relevant category.