{
  "title": "Cisco Catalyst SD-WAN Manager CVE-2026-20262: KEV Path Traversal in the Management Plane",
  "summary": "CISA added Cisco Catalyst SD-WAN Manager CVE-2026-20262 to KEV on 2026-06-15 with a 2026-06-29 due date. Cisco says authenticated attackers with at least write access can abuse a web-UI file-upload path traversal to create or overwrite files on affected systems across all SD-WAN deployment types.",
  "date": "2026-06-15",
  "severity": "high",
  "tags": [
    "cisco",
    "sd-wan",
    "cisa-kev",
    "path-traversal",
    "management-plane",
    "zero-day"
  ],
  "sources_count": 3,
  "indicators": {
    "slug": "cisco-sdwan-manager-cve-2026-20262-kev",
    "since": "2026-06-15T00:00:00Z",
    "until": "2026-06-15T23:59:59Z",
    "ecosystem": "",
    "cves": [
      "CVE-2026-20262"
    ],
    "cwes": [
      "CWE-22"
    ],
    "advisoryIds": [],
    "products": [],
    "packages": [],
    "versions": [],
    "affectedVersions": [],
    "fixedVersions": [],
    "files": [],
    "paths": [],
    "services": [],
    "domains": [],
    "urls": [],
    "ips": [
      "20.9.9.2",
      "20.12.7.2",
      "20.15.4.5",
      "20.15.5.3",
      "20.18.3.1",
      "26.1.1.2"
    ],
    "hashes": [],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": []
  }
}