Cisco customers encounter another SD-WAN zero-day under attack
ID: f880d4cb-8a17-54d6-95bc-8f24ba9fa7c4
STIX ID: report--f880d4cb-8a17-54d6-95bc-8f24ba9fa7c4
Feed Name: CyberScoop
Threat Score
Cisco disclosed an actively exploited zero-day (CVE-2026-20245) in Catalyst SD‑WAN Manager that allows authenticated or local attackers to perform command-injection leading to root-level command execution; a patch is not yet available, Cisco provided limited indicators of compromise, and exploitation appears to often require valid credentials or chaining from earlier SD‑WAN vulnerabilities (e.g., CVE-2026-20182 / CVE-2026-20127).
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
