CISA Adds Two Known Exploited Vulnerabilities to Catalog: Cisco Catalyst SD-WAN Manager and LiteSpeed cPanel Plugin
CISA added two actively exploited flaws to its KEV catalog on June 15: CVE-2026-20262, a directory/path traversal vulnerability in Cisco Catalyst SD-WAN Manager, and CVE-2026-54420, a UNIX symbolic link following vulnera.
At a glance
- CISA added CVE-2026-20262 (Cisco Catalyst SD-WAN Manager path traversal) and CVE-2026-54420 (LiteSpeed cPanel plugin symlink following) to the KEV catalog on June 15.
- Both additions were based on evidence of active exploitation.
VERDICT — CONFIRMED
CISA added two actively exploited flaws to its KEV catalog on June 15: CVE-2026-20262, a directory/path traversal vulnerability in Cisco Catalyst SD-WAN Manager, and CVE-2026-54420, a UNIX symbolic link following vulnerability in the LiteSpeed cPanel plugin. Per the alert, both were added based on evidence of active exploitation, and BOD 26-04 requires federal civilian agencies to prioritize rapid remediation of catalog entries.
Key facts on file
- CISA added CVE-2026-20262 (Cisco Catalyst SD-WAN Manager path traversal) and CVE-2026-54420 (LiteSpeed cPanel plugin symlink following) to the KEV catalog on June 15.
- Both additions were based on evidence of active exploitation.