A path traversal vulnerability in Cisco Catalyst SD-WAN Manager allows authenticated remote attackers to create or overwrite files on affected systems. Organizations must apply vendor mitigations according to CISA BOD 26-04 guidance by the June 29, 2026 deadline. Cloud service operators should evaluate internet exposure and implement patching protocols or discontinue use if fixes are unavailable.

Why it matters in Western Canada: SD-WAN solutions are widely deployed in Western Canadian organizations for network management. This vulnerability could affect government, healthcare, energy, and financial sector networks that rely on Cisco infrastructure for secure remote connectivity.

CVEs: CVE-2026-20262

---

Summary generated from the original advisory. Read the full source: cisa-kev