Cisco SD-WAN Vulnerability Exploited in the Wild with Root RCE Risks

Critical command-injection vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager permits authenticated users with netadmin privileges to execute arbitrary commands as root by uploading crafted files; exploitation observed in the wild (June 2026) has caused configuration changes on edge devices. Vendor patches are not yet available — administrators should audit local logs (e.g., scripts.log) and engage Cisco TAC for isolation and mitigations.