logo

CVE-2026-20245: Cisco SD-WAN Manager Zero-Day Enables Root Command Execution

ID: dc253038-4301-56fd-a7f3-86fbf7757db8

STIX ID: report--dc253038-4301-56fd-a7f3-86fbf7757db8

Feed Name: SOC Prime Blog

Threat Score
90/100

Date Published: 2026-06-05

Date Updated: 2026-06-06

Author: SOC Prime Team

...
...

**Executive Summary:** Cisco disclosed CVE-2026-20245, a command-injection zero-day in the CLI of Catalyst SD-WAN Manager allowing an authenticated netadmin to execute arbitrary commands as root by uploading a crafted file; limited active exploitation was observed that resulted in configuration changes pushed to edge devices. No patch was available at disclosure, so recommended actions focus on evidence preservation (admin-tech collection), reviewing Cisco-published log indicators, verifying edge-device configurations, remediating related SD‑WAN access flaws, and engaging Cisco TAC if compromise is confirmed.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.