Cisco warns of unpatched SD-WAN zero-day exploited in attacks
Cisco said the flaw lets low-privilege attackers run commands as root and has already caused limited configuration changes on edge devices.
- On Thursday, Cisco warned of a high-severity, unpatched zero-day in its Catalyst SD-WAN Manager, tracked as CVE-2026-20245, that allows local attackers to execute arbitrary commands and elevate privileges to the root user.
- Cisco stated insufficient validation of user-supplied input caused the flaw; Cisco Talos researchers linked exploitation to threat actor UAT-8616, previously connected to attacks involving CVE-2026-20127.
- The vulnerability carries a severity score of 7.8 and impacts all deployment types, including On-Prem Deployment and Cisco SD-WAN Cloud; Cisco confirmed limited cases where exploitation pushed configuration changes to edge devices.
- As no patch is currently available, Cisco advised customers to check SD-WAN logs for indicators of compromise. "For help determining if a Cisco Catalyst SD-WAN Manager has been compromised, customers may open a case with the Cisco TAC," the company added.
- This disclosure follows several recent Catalyst SD-WAN security issues, including CVE-2026-20182 with a severity score of 10; the Cybersecurity and Infrastructure Security Agency has tracked 90 Cisco vulnerabilities abused in the wild over recent years.
11 Articles
Cisco warns of unpatched SD-WAN zero-day exploited in attacks
On Thursday, Cisco warned of a high-severity, unpatched zero-day in the Cisco Catalyst SD-WAN Manager (tracked as CVE-2026-20245) actively exploited in attacks enabling root privilege escalation.
Yet another Cisco SD-WAN 0-day under attack, and no patch in sight
The threat is real. Unknown miscreants are exploiting a high-severity, zero-day bug in Cisco's SD-WAN management software, and the networking giant hasn't said when it will patch the flaw. Cisco issued an advisory on Thursday for the Catalyst SD-WAN Manager vulnerability, tracked as CVE-2026-20245, and it sounds like attackers have been exploiting this security failure for at least the last week. It's due to a validation error - the software fai…
Cisco SD-WAN Has a New Root-Level Problem, and There’s No Fix Yet
Cisco warns of CVE-2026-20245 in SD-WAN Manager, a flaw that can lead to root access via file upload command injection; no patch or workaround yet. Cisco warns of a privilege escalation flaw, tracked as CVE-2026-20245 (CVSS base score of 7.8), in Cisco Catalyst SD-WAN Manager, the platform formerly known as SD-WAN vManage. An authenticated local […]
A vulnerability has been discovered in Cisco Catalyst SD-WAN. It allows an attacker to cause an elevation of privileges. Cisco indicates that the vulnerability CVE-2026-20245 is actively exploited. See online: https://www.cert.ssi.gouv.fr/avis/C...
Malicious actors only recently targeted Cisco's SD-WAN devices. Now they are attacking a new vulnerability, Cisco warns.
Coverage Details
Bias Distribution
- 100% of the sources are Center



