CVE-2026-20245EXPLOITED

cis · catalyst sd-wan

Cisco Catalyst SD-WAN Controller Authenticated Privilege Escalation Vulnerability

Description

An attacker could exploit this vulnerability by uploading a crafted file to the affected system. A successful exploit could allow the attacker to perform command injection attacks on an affected system and elevate their privileges as the root user.

Affected Products

Vendor	Product	Versions
cis	catalyst sd-wan	20.1.12, 19.2.1, 18.4.4, 18.4.5, 20.1.1.1, 20.1.1, 19.3.0, 19.2.2, 19.2.099, 18.3.6, 18.3.7, 19.2.0, 18.3.8, 19.0.0, 19.1.0, 18.4.302, 18.4.303, 19.2.097, 19.2.098, 17.2.10, 18.3.6.1, 19.0.1a, 18.2.0, 18.4.3, 18.4.1, 17.2.8, 18.3.3.1, 18.4.0, 18.3.1, 17.2.6, 17.2.9, 18.3.4, 17.2.5, 18.3.1.1, 18.3.5, 18.4.0.1, 18.3.3, 17.2.7, 17.2.4, 18.3.0, 19.2.3, 18.4.501_ES, 20.3.1, 20.1.2, 19.2.929, 19.2.31, 20.3.2, 19.2.32, 20.3.2_925, 20.3.2.1, 20.3.2.1_927, 18.4.6, 20.1.2_937, 20.4.1, 20.3.2_928, 20.3.2_929, 20.4.1.0.1, 20.3.2.1_930, 19.2.4, 20.5.0.1.1, 20.4.1.1, 20.3.3, 19.2.4.0.1, 20.3.2_937, 20.3.3.1, 20.5.1, 20.1.3, 20.3.3.0.4, 20.3.3.1.2, 20.3.3.1.1, 20.4.1.2, 20.3.3.0.2, 20.4.1.1.5, 20.4.1.0.01, 20.4.1.0.02, 20.3.3.1.7, 20.3.3.1.5, 20.5.1.0.1, 20.3.3.1.10, 20.3.3.0.8, 20.4.2, 20.4.2.0.1, 20.3.4, 20.3.3.0.14, 19.2.4.0.8, 19.2.4.0.9, 20.3.4.0.1, 20.3.2.0.5, 20.6.1, 20.5.1.0.2, 20.3.3.0.17, 20.6.1.1, 20.6.0.18.3, 20.3.2.0.6, 20.6.0.18.4, 20.4.2.0.2, 20.3.3.0.16, 20.3.4.0.5, 20.6.1.0.1, 20.3.4.0.6, 20.6.2, 20.7.1EFT2, 20.3.4.0.9, 20.3.4.0.11, 20.4.2.0.4, 20.3.3.0.18, 20.7.1, 20.6.2.1, 20.3.4.1, 20.5.1.1, 20.4.2.1, 20.4.2.1.1, 20.3.4.1.1, 20.3.813, 20.3.4.0.19, 20.4.2.2.1, 20.5.1.2, 20.3.4.2, 20.3.814, 20.4.2.2, 20.6.2.2, 20.3.4.2.1, 20.7.1.1, 20.3.4.1.2, 20.6.2.2.2, 20.3.4.0.20, 20.6.2.2.3, 20.4.2.2.2, 20.3.5, 20.6.2.0.4, 20.4.2.2.3, 20.3.4.0.24, 20.6.2.2.7, 20.6.3, 20.3.4.2.2, 20.4.2.2.4, 20.7.1.0.2, 20.8.1, 20.3.5.0.8, 20.3.5.0.9, 20.4.2.2.8, 20.3.5.0.7, 20.6.3.0.7, 20.6.3.0.5, 20.6.3.0.10, 20.6.3.0.2, 20.7.2, 20.9.1EFT2, 20.6.3.0.11, 20.6.3.1, 20.6.3.0.14, 20.6.4, 20.9.1, 20.6.3.0.19, 20.6.3.0.18, 20.3.6, 20.9.1.1, 20.6.3.0.23, 20.6.4.0.4, 20.6.3.0.25, 20.6.5, 20.6.3.0.27, 20.9.2, 20.9.2.1, 20.6.3.0.29, 20.6.3.0.31, 20.6.3.0.32, 20.10.1, 20.6.3.0.33, 20.9.2.0.01, 20.9.1_LI_Images, 20.10.1_LI_Images, 20.9.2_LI_Images, 20.3.7, 20.9.3, 20.6.5.1, 20.11.1, 20.11.1_LI_Images, 20.9.3_LI_ Images, 20.6.3.1.1, 20.9.3.0.2, 20.6.5.1.2, 20.9.3.0.3, 20.4.2.3, 20.6.3.2, 20.6.4.1, 20.6.3.0.38, 20.6.3.0.39, 20.3.5.1, 20.3.4.3, 20.9.3.1, 20.3.3.2, 20.6.5.2, 20.3.7.1, 20.10.1.1, 20.6.5.2.1, 20.3.4.0.25, 20.6.2.2.4, 20.6.1.2, 20.11.1.1, 20.9.3.0.5, 20.3.4.0.26, 20.6.5.1.3, 20.6.3.0.40, 20.1.3.1, 20.9.2.2, 20.6.5.2.3, 20.6.5.1.4, 20.6.5.3, 20.6.3.0.41, 20.9.3.0.7, 20.6.5.1.5, 20.9.3.0.4, 20.6.4.0.19, 20.6.5.1.6, 20.9.3.0.8, 20.6.3.3, 20.3.7.2, 20.6.5.4, 20.6.5.1.7, 20.9.3.0.12, 20.6.4.2, 20.6.5.5, 20.9.3.2, 20.11.1.2, 20.6.3.4, 20.10.1.2, 20.6.5.1.9, 20.9.3.0.16, 20.6.3.0.45, 20.6.5.1.10, 20.9.3.0.17, 20.6.5.2.4, 20.6.4.0.21, 20.9.3.0.18, 20.6.3.0.46, 20.6.3.0.47, 20.9.2.3, 20.9.3.2_LI_Images, 20.9.3.0.21, 20.9.3.0.20, 20.9.4_LI_Images, 20.9.4, 20.6.5.1.11, 20.12.1, 20.12.1_LI_Images, 20.6.5.1.13, 20.9.3.0.23, 20.6.5.2.8, 20.9.4.1, 20.9.4.1_LI_Images, 20.9.3.0.25, 20.9.3.0.24, 20.6.5.1.14, 20.3.8, 20.6.6, 20.9.3.0.26, 20.6.3.0.51, 20.9.3.0.29, 20.12.2, 20.12.2_LI_Images, 20.6.6.0.1, 20.13.1_LI_Images, 20.9.4.0.4, 20.13.1, 20.9.4.1.1, 20.9.5, 20.9.5_LI_Images, 20.12.3_LI_Images, 20.12.3, 20.9.4.1.3, 20.6.7, 20.9.5.1, 20.9.5.1_LI_Images, 20.9.4.1.6, 20.14.1, 20.14.1_LI_Images, 20.9.5.2, 20.9.5.2.1, 20.9.5.2_LI_Images, 20.12.3.1, 20.12.4, 20.15.1_LI_Images, 20.15.1, 20.9.5.1.4, 20.9.5.2.7, 20.9.5.2.13, 20.9.6, 20.9.6_LI_Images, 20.9.5.2.14, 20.6.8, 20.12.4.0.03, 20.16.1, 20.16.1_LI_Images, 20.12.4_LI_Images, 20.9.5.2.16, 20.12.4.0.4, 20.12.401, 20.9.5.3, 20.9.5.3_LI_Images, 20.12.4.1_LI_Images, 20.12.4.1, 20.9.5.2.21, 20.9.6.0.3, 20.12.4.0.6, 20.15.2_LI_Images, 20.15.2, 20.12.4_Monthly_ES5, 20.12.5, 20.12.5_LI_Images, 20.9.7_LI _Images, 20.9.7, 20.15.3, 20.15.3_ LI _Images, 20.12.501, 20.12.5.1_LI_Images, 20.12.5.1, 20.12.5.2_LI_Images, 20.12.5.2, 20.15.3.1, 20.15.4_LI_Images, 20.15.4, 20.9.7.1_LI _Images, 20.9.7.1, 20.18.1, 20.18.1_LI_Images, 20.12.6_LI_Images, 20.12.6, 20.12.5.1.01, 26.0.1, 20.9.8, 20.9.8_LI_Images, 20.18.2, 20.15.4.1_LI_Images, 20.15.4.1, 20.18.2_LI_Images, 26.1.1, 26.1.1_LI_Images, 20.18.2.1_LI_Images, 20.18.2.1, 20.15.4.2_LI_Images, 20.15.4.2, 20.12.6.1, 20.12.6.1_LI_Images, 20.12.5.3, 20.12.5.3_LI_Images, 20.9.8.2_LI_Images, 20.9.8.2, 20.18.3, 20.18.3_LI_Images, 20.15.5, 20.15.5_LI_Images, 20.12.7, 20.12.7_LI_Images, 20.9.9, 20.9.9_LI_Images, 20.18.2.2, 20.18.2.2_LI_Images, 20.12.5.4, 20.12.5.4_LI_ Images, 20.12.7.1_LI_Images, 20.12.6.2_LI_Images, 20.12.7.1, 20.15.5.1, 20.15.4.3, 20.15.4.3_LI_Images, 20.15.5.1_LI_Images, 20.12.6.2, 20.15.5.2, 20.15.5.2_LI_Images, 26.1.1.1_LI_Images, 20.15.4.4, 20.15.4.4_LI_Images, 26.1.1.1, 20.9.9.1_LI_Images, 20.9.9.1

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
cis	cisco catalyst sd-wan	cert_advisory	90%

References

Related News (11 articles)

Tier D

CSO Online1h ago

Attackers exploiting unpatched Cisco SD-WAN flaw

→ No new info (linked only)

Tier D

The Hacker News2d ago

Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available

→ No new info (linked only)

Tier E

Hacker News2d ago

Yet another Cisco SD-WAN 0-day under attack, and no patch in sight

→ No new info (linked only)

Tier B

CCCS Canada3d ago

Cisco security advisory (AV26-551)

→ No new info (linked only)

Tier D

Heise Security3d ago

Cisco warnt vor neuer attackierter SD-WAN-Sicherheitslücke

→ No new info (linked only)

Tier B

BSI Advisories3d ago

[NEU] [UNGEPATCHT] [hoch] Cisco Catalyst SD-WAN Manager: Schwachstelle ermöglicht Privilegieneskalation

→ No new info (linked only)

Tier D

Help Net Security3d ago

Cisco SD-WAN 0-day exploited, no patch available (CVE-2026-20245)

→ No new info (linked only)

Tier D

BleepingComputer3d ago

Cisco warns of unpatched SD-WAN zero-day exploited in attacks

→ No new info (linked only)

Tier D

SecurityWeek3d ago

Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026

→ No new info (linked only)

Tier B

CERT-FR3d ago

Vulnérabilité dans Cisco Catalyst SD-WAN (05 juin 2026)

→ No new info (linked only)

Tier C

VulDB4d ago

CVE-2026-20245 | Cisco Catalyst SD-WAN Manager up to 26.1.1_LI_Images File escape output (cisco-sa-sdwan-privesc-4uxFrdzx)

→ No new info (linked only)

CVSS 3.17.8 HIGH

VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-116, CWE-20

PublishedJun 4, 2026

Last enriched1h agov7

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-20182EXPKEV

Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

Trending: 112

CRITICALCVE-2026-20230EXP

CVE-2026-20230: A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Ma

Trending: 59

HIGHCVE-2026-20233EXP

Cisco Webex Meetings Cross-Site Scripting Vulnerability

Trending: 36

HIGHCVE-2026-20175EXP

Cisco Finesse File Inclusion Vulnerability

Trending: 33

CRITICALCVE-2026-20223EXP

Cisco Secure Workload Unauthorized API Access Vulnerability

Trending: 8

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 4, 2026

Discovered by ZDM

Jun 4, 2026

Updated: description, severity, cvssEstimate

Jun 4, 2026

Updated: exploitAvailable, activelyExploited

Jun 5, 2026

Updated: cweIds, tags

Jun 5, 2026

Updated: iocs

Jun 5, 2026

Actively Exploited

Jun 6, 2026

Exploit Available

Jun 6, 2026

Updated: description, cweIds

Jun 8, 2026

Updated: description, tags

Jun 8, 2026

Version History

Last enriched 1h ago

v7Tier D1h ago

Updated description with technical details about command injection and added new vendor and product information along with a new IOC and tag.

descriptiontags

via CSO Online

v6Tier D1h ago

Updated description with additional technical details, added new CWE-20, and included new tags and IoCs.

descriptioncweIds

via CSO Online

v5Tier D3d ago

Added IOC for log file path and confirmed CVE IDs including CVE-2026-20182 and CVE-2026-20127.

iocs

via Heise Security

v4Tier D3d ago

Updated CVSS to 7.8, added new CWEs, and included IOC for log file examination.

cweIdstags

via Heise Security

v3Tier B3d ago

Updated exploit availability to true and marked the vulnerability as actively exploited.

exploitAvailableactivelyExploited

via BSI Advisories

v2Tier C3d ago

Updated description with new details, changed vendor to 'cisco', product to 'Cisco Catalyst SD-WAN Manager', added affected version '26.1.1_LI_Images', and updated severity to 'MEDIUM'.

descriptionseveritycvssEstimate

via VulDB

v14d ago

Initial creation

Affected Products

Vendor

Product

Versions

cis

catalyst sd-wan

20.1.12, 19.2.1, 18.4.4, 18.4.5, 20.1.1.1, 20.1.1, 19.3.0, 19.2.2, 19.2.099, 18.3.6, 18.3.7, 19.2.0, 18.3.8, 19.0.0, 19.1.0, 18.4.302, 18.4.303, 19.2.097, 19.2.098, 17.2.10, 18.3.6.1, 19.0.1a, 18.2.0, 18.4.3, 18.4.1, 17.2.8, 18.3.3.1, 18.4.0, 18.3.1, 17.2.6, 17.2.9, 18.3.4, 17.2.5, 18.3.1.1, 18.3.5, 18.4.0.1, 18.3.3, 17.2.7, 17.2.4, 18.3.0, 19.2.3, 18.4.501_ES, 20.3.1, 20.1.2, 19.2.929, 19.2.31, 20.3.2, 19.2.32, 20.3.2_925, 20.3.2.1, 20.3.2.1_927, 18.4.6, 20.1.2_937, 20.4.1, 20.3.2_928, 20.3.2_929, 20.4.1.0.1, 20.3.2.1_930, 19.2.4, 20.5.0.1.1, 20.4.1.1, 20.3.3, 19.2.4.0.1, 20.3.2_937, 20.3.3.1, 20.5.1, 20.1.3, 20.3.3.0.4, 20.3.3.1.2, 20.3.3.1.1, 20.4.1.2, 20.3.3.0.2, 20.4.1.1.5, 20.4.1.0.01, 20.4.1.0.02, 20.3.3.1.7, 20.3.3.1.5, 20.5.1.0.1, 20.3.3.1.10, 20.3.3.0.8, 20.4.2, 20.4.2.0.1, 20.3.4, 20.3.3.0.14, 19.2.4.0.8, 19.2.4.0.9, 20.3.4.0.1, 20.3.2.0.5, 20.6.1, 20.5.1.0.2, 20.3.3.0.17, 20.6.1.1, 20.6.0.18.3, 20.3.2.0.6, 20.6.0.18.4, 20.4.2.0.2, 20.3.3.0.16, 20.3.4.0.5, 20.6.1.0.1, 20.3.4.0.6, 20.6.2, 20.7.1EFT2, 20.3.4.0.9, 20.3.4.0.11, 20.4.2.0.4, 20.3.3.0.18, 20.7.1, 20.6.2.1, 20.3.4.1, 20.5.1.1, 20.4.2.1, 20.4.2.1.1, 20.3.4.1.1, 20.3.813, 20.3.4.0.19, 20.4.2.2.1, 20.5.1.2, 20.3.4.2, 20.3.814, 20.4.2.2, 20.6.2.2, 20.3.4.2.1, 20.7.1.1, 20.3.4.1.2, 20.6.2.2.2, 20.3.4.0.20, 20.6.2.2.3, 20.4.2.2.2, 20.3.5, 20.6.2.0.4, 20.4.2.2.3, 20.3.4.0.24, 20.6.2.2.7, 20.6.3, 20.3.4.2.2, 20.4.2.2.4, 20.7.1.0.2, 20.8.1, 20.3.5.0.8, 20.3.5.0.9, 20.4.2.2.8, 20.3.5.0.7, 20.6.3.0.7, 20.6.3.0.5, 20.6.3.0.10, 20.6.3.0.2, 20.7.2, 20.9.1EFT2, 20.6.3.0.11, 20.6.3.1, 20.6.3.0.14, 20.6.4, 20.9.1, 20.6.3.0.19, 20.6.3.0.18, 20.3.6, 20.9.1.1, 20.6.3.0.23, 20.6.4.0.4, 20.6.3.0.25, 20.6.5, 20.6.3.0.27, 20.9.2, 20.9.2.1, 20.6.3.0.29, 20.6.3.0.31, 20.6.3.0.32, 20.10.1, 20.6.3.0.33, 20.9.2.0.01, 20.9.1_LI_Images, 20.10.1_LI_Images, 20.9.2_LI_Images, 20.3.7, 20.9.3, 20.6.5.1, 20.11.1, 20.11.1_LI_Images, 20.9.3_LI_ Images, 20.6.3.1.1, 20.9.3.0.2, 20.6.5.1.2, 20.9.3.0.3, 20.4.2.3, 20.6.3.2, 20.6.4.1, 20.6.3.0.38, 20.6.3.0.39, 20.3.5.1, 20.3.4.3, 20.9.3.1, 20.3.3.2, 20.6.5.2, 20.3.7.1, 20.10.1.1, 20.6.5.2.1, 20.3.4.0.25, 20.6.2.2.4, 20.6.1.2, 20.11.1.1, 20.9.3.0.5, 20.3.4.0.26, 20.6.5.1.3, 20.6.3.0.40, 20.1.3.1, 20.9.2.2, 20.6.5.2.3, 20.6.5.1.4, 20.6.5.3, 20.6.3.0.41, 20.9.3.0.7, 20.6.5.1.5, 20.9.3.0.4, 20.6.4.0.19, 20.6.5.1.6, 20.9.3.0.8, 20.6.3.3, 20.3.7.2, 20.6.5.4, 20.6.5.1.7, 20.9.3.0.12, 20.6.4.2, 20.6.5.5, 20.9.3.2, 20.11.1.2, 20.6.3.4, 20.10.1.2, 20.6.5.1.9, 20.9.3.0.16, 20.6.3.0.45, 20.6.5.1.10, 20.9.3.0.17, 20.6.5.2.4, 20.6.4.0.21, 20.9.3.0.18, 20.6.3.0.46, 20.6.3.0.47, 20.9.2.3, 20.9.3.2_LI_Images, 20.9.3.0.21, 20.9.3.0.20, 20.9.4_LI_Images, 20.9.4, 20.6.5.1.11, 20.12.1, 20.12.1_LI_Images, 20.6.5.1.13, 20.9.3.0.23, 20.6.5.2.8, 20.9.4.1, 20.9.4.1_LI_Images, 20.9.3.0.25, 20.9.3.0.24, 20.6.5.1.14, 20.3.8, 20.6.6, 20.9.3.0.26, 20.6.3.0.51, 20.9.3.0.29, 20.12.2, 20.12.2_LI_Images, 20.6.6.0.1, 20.13.1_LI_Images, 20.9.4.0.4, 20.13.1, 20.9.4.1.1, 20.9.5, 20.9.5_LI_Images, 20.12.3_LI_Images, 20.12.3, 20.9.4.1.3, 20.6.7, 20.9.5.1, 20.9.5.1_LI_Images, 20.9.4.1.6, 20.14.1, 20.14.1_LI_Images, 20.9.5.2, 20.9.5.2.1, 20.9.5.2_LI_Images, 20.12.3.1, 20.12.4, 20.15.1_LI_Images, 20.15.1, 20.9.5.1.4, 20.9.5.2.7, 20.9.5.2.13, 20.9.6, 20.9.6_LI_Images, 20.9.5.2.14, 20.6.8, 20.12.4.0.03, 20.16.1, 20.16.1_LI_Images, 20.12.4_LI_Images, 20.9.5.2.16, 20.12.4.0.4, 20.12.401, 20.9.5.3, 20.9.5.3_LI_Images, 20.12.4.1_LI_Images, 20.12.4.1, 20.9.5.2.21, 20.9.6.0.3, 20.12.4.0.6, 20.15.2_LI_Images, 20.15.2, 20.12.4_Monthly_ES5, 20.12.5, 20.12.5_LI_Images, 20.9.7_LI _Images, 20.9.7, 20.15.3, 20.15.3_ LI _Images, 20.12.501, 20.12.5.1_LI_Images, 20.12.5.1, 20.12.5.2_LI_Images, 20.12.5.2, 20.15.3.1, 20.15.4_LI_Images, 20.15.4, 20.9.7.1_LI _Images, 20.9.7.1, 20.18.1, 20.18.1_LI_Images, 20.12.6_LI_Images, 20.12.6, 20.12.5.1.01, 26.0.1, 20.9.8, 20.9.8_LI_Images, 20.18.2, 20.15.4.1_LI_Images, 20.15.4.1, 20.18.2_LI_Images, 26.1.1, 26.1.1_LI_Images, 20.18.2.1_LI_Images, 20.18.2.1, 20.15.4.2_LI_Images, 20.15.4.2, 20.12.6.1, 20.12.6.1_LI_Images, 20.12.5.3, 20.12.5.3_LI_Images, 20.9.8.2_LI_Images, 20.9.8.2, 20.18.3, 20.18.3_LI_Images, 20.15.5, 20.15.5_LI_Images, 20.12.7, 20.12.7_LI_Images, 20.9.9, 20.9.9_LI_Images, 20.18.2.2, 20.18.2.2_LI_Images, 20.12.5.4, 20.12.5.4_LI_ Images, 20.12.7.1_LI_Images, 20.12.6.2_LI_Images, 20.12.7.1, 20.15.5.1, 20.15.4.3, 20.15.4.3_LI_Images, 20.15.5.1_LI_Images, 20.12.6.2, 20.15.5.2, 20.15.5.2_LI_Images, 26.1.1.1_LI_Images, 20.15.4.4, 20.15.4.4_LI_Images, 26.1.1.1, 20.9.9.1_LI_Images, 20.9.9.1

Vendor

Product

Source

Confidence

cis

cisco catalyst sd-wan

cert_advisory

90%