A zero-day vulnerability in Cisco's SD-WAN management software is being actively exploited by attackers, with no patch available to fix the issue. The high-severity flaw, tracked as CVE-2026-20245, is caused by a validation error that allows an authenticated, local attacker to upload a specially crafted file and exploit the vulnerability. Cisco issued an advisory for the Catalyst SD-WAN Manager vulnerability, but has not provided a timeline for a patch. The exploitation of this vulnerability has been ongoing for at least the last week, highlighting the urgent need for a fix. The fact that attackers are already taking advantage of this flaw makes it a critical concern for organizations using Cisco's SD-WAN management software1. This situation matters to security practitioners because it requires immediate attention to mitigate potential attacks, making it essential to monitor the situation closely for a patch or workaround.
Yet another Cisco SD-WAN 0-day under attack, and no patch in sight
⚠️ Critical Alert
Why This Matters
CVE-2026-20245 is in active discussion involving Cisco — exploitation status determines whether this is patch-now or monitor.
References
- The Register. (2026, June 5). Yet another Cisco SD-WAN 0-day under attack, and no patch in sight. *The Register*. https://www.theregister.com/security/2026/06/05/yet-another-cisco-sd-wan-0-day-under-attack-and-no-patch-in-sight/5251855
Original Source
The Register
Read original →