SecurityJun 7, 2026
Cisco scrambles on an unpatched, actively exploited SD-WAN zero-day
Cisco disclosed CVE-2026-20245, a flaw in Catalyst SD-WAN Manager that lets a low-privileged attacker run commands as root by uploading a crafted file — its seventh exploited SD-WAN zero-day of 2026. Mandiant reported the bug; no patch is available yet, and Cisco has seen attackers push config changes to edge devices.
Why it matters: SD-WAN controllers sit at the center of corporate networks, so a root-level zero-day with no fix is a worst-case foothold for intruders.