THREAT OPS › CVEs › CVE-2026-20245
CVE-2026-20245 — Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability
Cisco Catalyst SD-WAN Manager formerly SD-WAN vManage contains an improper encoding or escaping of output vulnerability. This vulnerability could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system.
Vulnerability details
- Affected productsCatalyst SD-WAN Manager
- KEV remediation due2026-06-23
Exploiting threat actors
- Earth LuscaG1006
Related reporting
- [CISA KEV] CVE-2026-20245 — Cisco Catalyst SD-WAN Manager: Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerabilitycisa_kev
- Zero-Day Exploitation of Vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Managermandiant_gti
- 29th June – Threat Intelligence Reportcheckpoint_research
- 22nd June – Threat Intelligence Reportcheckpoint_research
- Cisco Catalyst SD-WAN Controller, Catalyst SD-WAN Manager, and Catalyst SD-WAN Validator Authenticated Privilege Escalation Vulnerabilitycisco_psirt
- June 2026 CVE Landscaperecordedfuture