Live Roundups Editor's Desk Insights Executive Ops Weather About 🔍
Home Technology Cisco SD-WAN make-me-root bug under attack
Technology

Cisco SD-WAN make-me-root bug under attack

Cisco SD-WAN make-me-root bug under attack
The Register Monday 15 June 2026, 21:48 UTC 2 min read
Key Points

Cisco today issued a fix for a Catalyst SD-WAN Manager bug that attackers have already spotted and exploited to get root privileges, according to both the networking vendor and the feds. The vulnerability, tracked as CVE-2026-20262, is in the web UI of Cisco Catalyst SD-WAN Manager, and exists because the software is not properly validating user-supplied input during a file upload process. “An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API...

Cisco today issued a fix for a Catalyst SD-WAN Manager bug that attackers have already spotted and exploited to get root privileges, according to both the networking vendor and the feds. The vulnerability, tracked as CVE-2026-20262, is in the web UI of Cisco Catalyst SD-WAN Manager, and exists because the software is not properly validating user-supplied input during a file upload process. “An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system,” the vendor warned in a Monday security advisory. “A successful exploit could allow the attacker to create or overwrite any file on the underlying operating system. This file could later be used to elevate to root.” There is one caveat: to exploit this bug, the attacker must have valid credentials with at least a lower-privileged, single-task user account. That probably explains the medium-severity, 6.8 CVSS rating for this bug. Still, valid credentials aren’t hard to come by these days, and considering this CVE is already under attack, we know someone had some success. “In June 2026, the Cisco PSIRT became aware of limited exploitation of this vulnerability,” the security alert said. “Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability.” The flaw affects all deployment types, regardless of device configuration. There are no workarounds, but upgrading to a fixed software version will patch the flaw. Also on Monday, the US Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-20262 to its Known Exploited Vulnerabilities catalog, citing “evidence of active exploitation.” America’s lead cyber-defense agency also set a two-week deadline for all federal agencies to apply the patch. This latest Cisco SD-WAN bug under attack comes less than two weeks after Switchzilla warned that a high-severity vulnerability in Catalyst SD-WAN Manager vulnerability (CVE-2026-20245) was under active exploitation. At the time of disclosure, this SD-WAN vuln did not have a fix. Cisco issued an advisory for that zero-day on June 4, and finally released patches for all affected versions on June 12. This is the eighth Cisco SD-WAN bug to be listed in CISA’s Known Exploited Vulnerabilities catalog so far this year.®
Cisco SD-WAN (ORG) Cisco (ORG) Catalyst SD-WAN (ORG) CVE-2026-20262 (ORG) UI (ORG) Cisco Catalyst SD-WAN (ORG) API (ORG) CVE (ORG) Cisco PSIRT (ORG) the US Cybersecurity and Infrastructure Security Agency (ORG) CISA (ORG) America (LOCATION) Switchzilla (ORG) CVE-2026-20245 (ORG)
Originally published by The Register Read original →

Related Stories

Xbox is reportedly closing Ninja Theory, Double Fine and Compulsion Games

Xbox is reportedly closing Ninja Theory, Double Fine and Compulsion Games Studio leaders are trying to buy themselves back before being shut down for good. Xbox is preparing to shut down or sell at least three of its studios — Double Fine, Ninja Theory and Compulsion Games — according to reports from The Verge and Bloomberg on Monday. Ninja Theory employees were informed on Monday that the studio would be closing, according to The Verge, but the team is attempting to find a buyer that can...

Engadget 8m ago

Banned Book Library in a Wi-Fi Smart Light Bulb

Overview A long while back I had an idea to hack a WiFi smart light bulb to do something more useful to me. Actually, I had a few different ideas of things to do with them. One of these ideas was to modify the device to have an open WiFi access point and a web server hosting banned books.

Hacker News 49m ago

Swedish parliament abolishes permanent residence visas for migrants

Permanent residence permits to be abolished Published: The Riksdag voted in favour of the Government’s proposal which includes the abolition of permanent residence permits for people in need of protection and people who have been long-term residents in Sweden, as well as their relatives. The proposal is one component of the efforts to adapt Sweden’s regulatory framework for the granting of international protection and asylum procedures to the minimum guarantees set out in EU law.

Hacker News 1h ago

UK announces social media ban for under-16s

UK announces social media ban for under-16s June 16, 2026Children under the age of 16 will be banned from using social media in the United Kingdom from early next year, the British government announced on Monday. Prime Minister Keir Starmer said that popular social media platforms such as Snapchat, TikTok, YouTube, Instagram, Facebook and X (formerly Twitter) were "designed to be addictive," making them "dangerous" and making youngsters "unhappy." The ban, which Starmer hopes will be passed...

Deutsche Welle 1h ago