Attackers are actively exploiting a high-severity vulnerability in Cisco's Catalyst SD-WAN Manager, a flaw that allows authenticated attackers to escalate privileges to root and gain control of the entire system. The vulnerability, identified as CVE-2026-20245, has a CVSS score of 7.8, indicating a high level of severity, although it requires local access and netadmin privileges to exploit. These privileges can be obtained through stolen credentials, making it a significant concern for enterprise networks. Cisco has warned customers of the vulnerability, which is located in the command-line interface of the SD-WAN Manager1. The fact that attackers are already exploiting this flaw makes it a pressing issue for network administrators to address. This vulnerability matters to practitioners because it highlights the importance of prompt patching and robust access controls to prevent attackers from gaining control of critical network infrastructure.
Attackers exploiting unpatched Cisco SD-WAN flaw
⚠️ Critical Alert
Why This Matters
CVE-2026-20245 is in active discussion involving Cisco — exploitation status determines whether this is patch-now or monitor.
References
- CSO Online. (2026, June 8). Attackers exploiting unpatched Cisco SD-WAN flaw. *CSO Online*. https://www.csoonline.com/article/4182571/attackers-exploiting-unpatched-cisco-sd-wan-flaw.html
Original Source
CSO Online
Read original →