A critical zero-day vulnerability in Cisco Catalyst SD-WAN, CVE-2026-20245, was exploited by unknown threat actors at least two months before its public disclosure. The flaw, which has a CVSS base score of 7.8, allows an authenticated attacker with netadmin privileges to execute arbitrary commands with elevated privileges by using a crafted file. Cisco has acknowledged active exploitation and released patches to address the issue [1]. The vulnerability's exploitation status is being closely monitored, particularly in discussions involving Google, to determine the necessary course of action. That attackers were able to exploit the flaw for months before disclosure underscores the need for prompt patching and proactive monitoring for similar vulnerabilities.
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited Months Before Disclosure
⚠️ Critical Alert
Why This Matters
CVE-2026-20245 is in active discussion involving Google — exploitation status determines whether this is patch-now or monitor.
References
- SecurityAffairs. (2026, June 25). Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited Months Before Disclosure. *SecurityAffairs*. https://securityaffairs.com/194200/hacking/cisco-catalyst-sd-wan-zero-day-cve-2026-20245-exploited-months-before-disclosure.html
Original Source
SecurityAffairs