Cisco SD-WAN make-me-root bug under attack

Cisco today issued a fix for a Catalyst SD-WAN Manager bug that attackers have already spotted and exploited to get root privileges, according to both the networking vendor and the feds. The vulnerability, tracked as CVE-2026-20262, is in the web UI of Cisco Catalyst SD-WAN Manager, and exists because the software is not properly validating user-supplied input during a file upload process. “An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API en