Cisco has patched a medium-severity vulnerability (CVE-2026-20262) in Catalyst SD-WAN Manager that is being actively exploited in the wild. The flaw allows an authenticated remote attacker to create files or URLs via the web UI, posing a risk to organisations managing SD-WAN infrastructure. Active exploitation makes this more urgent than its CVSS score of 6.5 might suggest.

Security Architect’s Take: Apply Cisco’s security updates to Catalyst SD-WAN Manager immediately — active exploitation in the wild overrides the medium CVSS rating. Review web UI access controls and restrict SD-WAN Manager exposure to trusted networks or VPN-only access while patching is under way.

Original advisory: Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw