Cisco Catalyst SD-WAN Controller, Catalyst SD-WAN Manager, and Catalyst SD-WAN Validator Authenticated Privilege Escalation Vulnerability
Summary
A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system.
CISA Known Exploited Vulnerability
- Listed:
- Feb 25, 2026 · federal remediation due Feb 27, 2026
- Required action:
- Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
- Ransomware use:
- Unknown
KEV is a prioritization signal from CISA — remediation detail still comes from the vendor advisory.
- Scope: This vulnerability affects Cisco Catalyst SD-WAN Controller, Cisco Catalyst SD-WAN Manager, and Cisco Catalyst SD-WAN Validator, regardless of device configuration.
- Release 20.9.9.1 and earlier (first fixed: 20.9.9.2)
- Release 20.12.7.1 and earlier (first fixed: 20.12.7.2)
- Release 20.15.4.4 and earlier (first fixed: 20.15.4.5)
- Release 20.15.5.2 and earlier (first fixed: 20.15.5.3)
- Release 20.18.3 (first fixed: 20.18.3.1)
- Release 26.1.1.1 and earlier (first fixed: 26.1.1.2)
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
- 20.9.9.2
- 20.12.7.2
- 20.15.4.5
- 20.15.5.3
- 20.18.3.1
- 26.1.1.2
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Release 20.9.9.1 and earlier: upgrade to 20.9.9.2.
- Release 20.12.7.1 and earlier: upgrade to 20.12.7.2.
- Release 20.15.4.4 and earlier: upgrade to 20.15.4.5.
- Release 20.15.5.2 and earlier: upgrade to 20.15.5.3.
- Release 20.18.3: upgrade to 20.18.3.1.
- Release 26.1.1.1 and earlier: upgrade to 26.1.1.2.
- There are no workarounds that address this vulnerability.
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.