Executive Summary
CISA added CVE-2026-20245 to the Known Exploited Vulnerabilities catalog on 2026-06-09, with a remediation due date of 2026-06-23 CISA KEV opens in a new tab. Cisco's June 10 advisory version 1.5 scopes the flaw to Catalyst SD-WAN Controller, Catalyst SD-WAN Manager, and Catalyst SD-WAN Validator, regardless of configuration or deployment type Cisco opens in a new tab.
An attacker must already hold netadmin privileges, obtained through valid credentials or exploitation of CVE-2026-20182 or CVE-2026-20127. A crafted uploaded file can trigger command injection and execute commands as root. Cisco observed limited cases where exploitation resulted in configuration changes pushed to edge devices. Cisco lists 20.18.3.1 and 26.1.1.2 as fixed releases; fixes for listed 20.9, 20.12, and 20.15 trains remained future releases as of 2026-06-10 Cisco opens in a new tab.