logo

CVE-2026-20245 Zero-Day Exploited in Cisco Catalyst SD-WAN Manager to Gain Root Access

ID: bbb7dd0f-607a-50b9-a33b-604e95954ea5

STIX ID: report--bbb7dd0f-607a-50b9-a33b-604e95954ea5

Feed Name: The Cyber Express

Threat Score
88/100

Date Published: 2026-06-26

Date Updated: 2026-06-26

Author: Ashish Khaitan

...
...

Mandiant reported that a threat actor exploited a newly disclosed zero-day (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager by uploading a crafted CSV (evil_tenant.csv) to escalate privileges to root, create a troot account, exfiltrate SD-WAN fabric configurations, and perform extensive anti-forensic cleanup; recovered indicators include the SHA-256 b82936f37648518425c7d3cf9e09eaffa41d7cdb3840f6a40287e3a108880f7b and multiple rogue IP addresses, and Cisco has published patched versions and hardening guidance.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.