Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability
Summary
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate user-supplied input during a file upload process.
CISA Known Exploited Vulnerability
- Listed:
- Jun 15, 2026 · federal remediation due Jun 29, 2026
- Required action:
- Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Ransomware use:
- Unknown
KEV is a prioritization signal from CISA — remediation detail still comes from the vendor advisory.
- Scope: At the time of publication, this vulnerability affected Cisco Catalyst SD-WAN Manager, regardless of device configuration.
- Release 20.9.9.1 and earlier (first fixed: 20.9.9.2)
- Release 20.12.7.1 and earlier (first fixed: 20.12.7.2)
- Release 20.15.4.4 and earlier (first fixed: 20.15.4.5)
- Release 20.15.5.2 and earlier (first fixed: 20.15.5.3)
- Release 20.18.3 (first fixed: 20.18.3.1)
- Release 26.1.1.1 and earlier (first fixed: 26.1.1.2)
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
- 20.9.9.2
- 20.12.7.2
- 20.15.4.5
- 20.15.5.3
- 20.18.3.1
- 26.1.1.2
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Release 20.9.9.1 and earlier: upgrade to 20.9.9.2.
- Release 20.12.7.1 and earlier: upgrade to 20.12.7.2.
- Release 20.15.4.4 and earlier: upgrade to 20.15.4.5.
- Release 20.15.5.2 and earlier: upgrade to 20.15.5.3.
- Release 20.18.3: upgrade to 20.18.3.1.
- Release 26.1.1.1 and earlier: upgrade to 26.1.1.2.
- There are no workarounds that address this vulnerability.
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.