Arbitrary File Write in Cisco Catalyst SD-WAN Manager Web UI

This repository contains a standalone Python proof-of-concept exploit for CVE-2026-20262 affecting Cisco Catalyst SD-WAN Manager (vManage), plus a small Bash verification script and supporting documentation. The main exploit file, CVE-2026-20262.py, authenticates to the target web interface via /j_security_check, extracts a CSRF token/session state, and then abuses the AnyConnect profile upload endpoint /dataservice/settings/sdra/anyconnect/profile by placing a path traversal sequence in the multipart filename field. Its core capability is authenticated arbitrary file write on the underlying system. The exploit is operational rather than framework-based: it accepts a target URL, username, password, local file path, and attacker-chosen remote path, then uploads the local file contents to that remote location. The script also includes an optional verification step using /dataservice/file/read?path=... to test whether the file is accessible after upload. The repository documentation describes likely abuse paths such as dropping a malicious WAR into /var/lib/wildfly/standalone/deployments/ for probable server-side code execution, overwriting nginx configuration under /etc/nginx/conf.d/, or writing scripts into privileged directories. Additional files include README.md and NOTAS with vulnerability context, impact, and IOC guidance, an 'Ejecución Básica' usage note with example commands, and 'Script de Verificación Rápida', a Bash helper that queries /dataservice/version to identify potentially vulnerable versions. Overall, this is a real exploit repository centered on authenticated web-based path traversal leading to arbitrary file write, with clear post-exploitation potential but no embedded reverse shell or automated second-stage payload.