CVE-2026-20245
Description
Cisco Catalyst SD-WAN Manager CLI allows authenticated local attackers to execute arbitrary commands as root via crafted file upload.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A vulnerability in the Command Line Interface (CLI) of Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) could allow an authenticated, local attacker to execute arbitrary commands as root. This vulnerability exists due to insufficient validation of user-supplied input when a crafted file is uploaded to the affected system. Affected versions are not explicitly detailed in the provided references, but the advisory was published in May 2026 [2].
Exploitation
An attacker must possess netadmin privileges on the affected system to exploit this vulnerability. This typically requires valid credentials or prior exploitation of other vulnerabilities such as CVE-2026-20182 or CVE-2026-20127. The attacker would then upload a crafted file to the system, triggering the command injection attack [2].
Impact
A successful exploit allows an attacker to perform command injection attacks and execute arbitrary commands as the root user. Cisco has observed limited cases where exploitation resulted in a configuration change being pushed to edge devices [2].
Mitigation
Cisco recommends upgrading to a fixed software version documented in the Catalyst SD-WAN Security Advisory published on May 14, 2026, and verifying the configuration of edge devices. Cisco has not released software updates that address this specific vulnerability, and there are no workarounds mentioned in the provided references. Customers are advised to collect admin-tech commands before upgrading and retain relevant logs [2].
AI Insight generated on Jun 4, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 3
Patches: 0
No patches discovered yet.
Vulnerability mechanics
No source-code context is available for this CVE. The mechanics section is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References: 2
News mentions: 0
No linked articles in our index yet.