Cisco SD-WAN 0-day exploited, no patch available (CVE-2026-20245)

Cisco disclosed a 0-day privilege escalation (CVE-2026-20245) in Catalyst SD-WAN Manager that enables authenticated local attackers (requiring netadmin privileges or chaining from other vulnerabilities) to achieve root command execution by uploading crafted files; limited exploitation has been observed causing configuration changes to edge devices. Cisco credited Mandiant, released indicators of compromise and guidance to collect admin-tech logs before upgrading, and is rolling out patches with no workaround currently available.