A high-severity vulnerability in Cisco Catalyst SD-WAN, tracked as CVE-2026-20245, was exploited by an unknown threat actor to gain root access at least two months before its public disclosure. The flaw, which carries a CVSS score of 7.8, allows an authenticated local attacker to execute arbitrary commands with elevated privileges. According to findings from Google-owned Mandiant, the vulnerability was exploited in the wild as a zero-day before it was publicly known [1]. For security practitioners, the incident underscores the need for prompt patching, vigilant monitoring and proactive security measures, particularly given the vulnerability's high severity and potential for widespread exploitation.
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access
⚠️ Critical Alert
Why This Matters
CVE-2026-20245 is in active discussion involving Google — exploitation status determines whether this is patch-now or monitor.
References
- The Hacker News. (2026, June 25). Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access. *The Hacker News*. https://thehackernews.com/2026/06/cisco-catalyst-sd-wan-zero-day-cve-2026.html