Signal

Active exploitation of file write vulnerabilities in Cisco SD-WAN Manager and Langflow

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-06-15 12:48 UTCUpdated 2026-06-15 23:56 UTC

rss

vulnerabilityexploitpatchincident_responsesecurity_tooling

Trend in the last 24h

Source links open

Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.

Back Evidence (4)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (4 domains)

4 top sources shown

Cisco Catalyst SD-WAN Manager: CVSS (Max): 6.5

AusCERT - Bulletins · News · portal.auscert.org.au · 2026-06-15 23:56 UTC

Cisco SD-WAN make-me-root bug under attack

theregister_security · News · theregister.com · 2026-06-15 21:48 UTC

Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability

Cisco Security Advisories · News · sec.cloudapps.cisco.com · 2026-06-15 16:01 UTC

Langflow RCE under active attack months after a patch was shipped

CSO Online · News · csoonline.com · 2026-06-15 12:48 UTC

View all evidence

Overview

Cisco has released patches for a medium-severity arbitrary file write vulnerability (CVE-2026-20262) in its Catalyst SD-WAN Manager web UI that allows authenticated attackers to overwrite files and potentially escalate to root.

Entities

CiscoLangflowJim Sherlock

Score total

1.21

Momentum 24h

4

Posts

4

Origins

4

Source types

1

Duplicate ratio

0%

Why now

Cisco vulnerability is already under active exploitation despite requiring credentials.
Langflow attacks continue months after a patch, highlighting slow adoption of fixes.
Both issues underscore the urgency of timely patching in critical infrastructure and AI platforms.

Why it matters

Exploitation of these vulnerabilities can lead to full system compromise and root-level access.
Cisco SD-WAN Manager is widely deployed in enterprise networks, increasing potential impact.
Langflow's default disabled login exposes thousands of internet-facing instances to attack.

LLM analysis

Topic mix: lowPromo risk: lowSource quality: high

Recurring claims

Cisco Catalyst SD-WAN Manager has an arbitrary file write vulnerability exploitable by authenticated attackers to gain root access.
Langflow suffers from a path traversal vulnerability allowing unauthenticated remote code execution, with active exploitation ongoing months after a patch was released.

How sources frame it

Cisco Security Advisories: neutral
CSO Online: neutral

All evidence

All evidence

Cisco Catalyst SD-WAN Manager: CVSS (Max): 6.5

AusCERT - Bulletins · portal.auscert.org.au · 2026-06-15 23:56 UTC

Cisco SD-WAN make-me-root bug under attack

theregister_security · theregister.com · 2026-06-15 21:48 UTC

Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability

Cisco Security Advisories · sec.cloudapps.cisco.com · 2026-06-15 16:01 UTC

Langflow RCE under active attack months after a patch was shipped

CSO Online · csoonline.com · 2026-06-15 12:48 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 4Origin domains: 4Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 4 / 0

Top publishers (this list)

AusCERT - Bulletins (1)
theregister_security (1)
Cisco Security Advisories (1)
CSO Online (1)

Top origin domains (this list)

portal.auscert.org.au (1)
theregister.com (1)
sec.cloudapps.cisco.com (1)
csoonline.com (1)