CISA has added CVE-2026-20262 (Cisco Catalyst SD-WAN Manager path traversal) and CVE-2026-54420 (LiteSpeed cPanel symlink following) to its Known Exploited Vulnerabilities catalog based on evidence of active attacks. These additions underscore the importance of rapid patching, particularly for vulnerabilities that grant full system control. CISA encourages all organizations to adopt risk-based vulnerability management and prioritize remediation of KEV catalog entries.

Why it matters in Western Canada: Organizations across Western Canada in energy, finance, healthcare, and higher education sectors often rely on SD-WAN infrastructure and web hosting tools. Actively exploited vulnerabilities in these systems present immediate risk and should be prioritized for patching to prevent unauthorized access and data compromise.

CVEs: CVE-2026-20262, CVE-2026-54420

---

Summary generated from the original advisory. Read the full source: cisa-advisories