Cisco Customers Encounter Another SD-WAN Zero-Day Under Attack

**Executive summary:** A seventh actively exploited zero-day (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager has been disclosed with no patch available; because the flaw targets the centralized vManage management plane used by tens of thousands of enterprises, successful exploitation can expose WAN traffic, allow routing and VPN credential modification, and provide persistent network footholds — organizations are advised to restrict management access, enable enhanced logging and monitoring, segment the management plane, and hunt for the listed IOCs until a patch is released.