CVE-2026-20245: Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability

Summary

CISA has added a high-severity vulnerability in Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) to its Known Exploited Vulnerabilities catalog. The flaw is an improper encoding or escaping of output weakness that could allow an authenticated, local attacker to execute arbitrary commands as root on the management appliance. Federal agencies are required to apply the vendor's mitigations by June 23, 2026, or discontinue use of the product if mitigations are unavailable.

IFF Assessment

FOE

This vulnerability allows for arbitrary command execution as root, posing a significant risk to the integrity and confidentiality of affected systems.

Severity

7.8 High

The vulnerability allows arbitrary command execution with root privileges, a high-impact outcome: root on the SD-WAN Manager means full control of the controller that configures every managed device. The attack vector is local and the attacker must already hold valid credentials, which keeps the score below critical, but exploitability is still considered high, and the vulnerability is confirmed to be exploited in the wild.

CISA KEV: Listed as actively exploited. Federal patch due: June 23, 2026. Known ransomware use: Unknown.

Defender Context

This vulnerability in Cisco Catalyst SD-WAN Manager allows an already-authenticated local user to escalate to root, so any compromised or low-privileged account on the appliance becomes a path to full control of the management plane and, through it, the SD-WAN fabric. Defenders should prioritize patching or applying the mitigations provided by Cisco as soon as possible, regardless of whether the June 23, 2026 federal deadline applies to them, and should review accounts with access to the manager while the fix is pending. It is a further reminder that network management appliances sit in a privileged position and need the same patching urgency as internet-facing systems.