CISA 2026-06-15

CISA Adds Two Known Exploited Vulnerabilities to Catalog

Machine-generated analysis · WAYSCloud LLM

Two vulnerabilities involving path traversal in network and web management tools are now in the KEV catalog due to observed exploitation.

Context

The affected products are Cisco Catalyst SD-WAN Manager and the LiteSpeed cPanel Plugin, both of which are used in network and web server management. The advisory states that CVE-2026-20262 allows directory or path traversal in Cisco's SD-WAN Manager, and CVE-2026-54420 involves symlink following in the LiteSpeed cPanel Plugin, which could allow unauthorized file access. Worth noting is that both vulnerabilities are being actively exploited, prompting their inclusion in the catalog. The advisory does not specify whether exploitation has been observed in federal networks or other environments.

Operator considerations

Check: Cisco Catalyst SD-WAN Manager and LiteSpeed cPanel Plugin instances exposed to the internet.
Patch: Apply vendor-released updates for CVE-2026-20262 and CVE-2026-54420 if available.
Log: Monitor access logs for unusual file path requests or attempts to traverse directories on affected systems.

From Cybersecurity and Infrastructure Security Agency ↗

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

CVE-2026-20262 Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability

CVE-2026-54420 LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability

These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies, updating BOD 22-01. BOD 26-04 reinforces the importance of the KEV catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) l...

Read the full advisory on CISA →