VulnHub

Real-time Cybersecurity News

Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access

The Hacker News
Actively Exploited
2 Sources
Reporting on this topic
The Hacker NewsSecurity Affairs
CVEZero-dayGoogleCiscoVulnerabilityCritical

Overview

A recently discovered vulnerability in Cisco Catalyst SD-WAN has been exploited by an unknown attacker for at least two months before its public disclosure. This security flaw, identified as CVE-2026-20245, has a high severity rating of 7.8 and allows an authenticated local attacker to execute arbitrary commands with elevated privileges. This means that if an attacker gains access to a system, they could potentially take control of critical functions within the network. Companies using Cisco Catalyst SD-WAN should be aware of the risk posed by this vulnerability and take immediate action to protect their systems. The findings from Mandiant underscore the importance of timely patching and monitoring for unusual activity in network environments.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Cisco Catalyst SD-WAN
  • Action Required: Companies should apply any available patches for the Cisco Catalyst SD-WAN and closely monitor their systems for unauthorized access attempts.
  • Timeline: Disclosed on [date]

Original Article Summary

An unknown threat actor exploited a recently disclosed high-severity security flaw impacting Cisco Catalyst SD-WAN as a zero-day at least two months before it was publicly disclosed, according to new findings from Google-owned Mandiant. The vulnerability, tracked as CVE-2026-20245 (CVSS score: 7.8), allows an authenticated, local attacker to execute arbitrary commands with elevated privileges

Impact

Cisco Catalyst SD-WAN

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Disclosed on [date]

Remediation

Companies should apply any available patches for the Cisco Catalyst SD-WAN and closely monitor their systems for unauthorized access attempts. Regular updates and security audits are recommended to mitigate risks associated with this vulnerability.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to CVE, Zero-day, Google, and 3 more.

Multiple Sources: This threat is being reported by 2 different security sources, indicating significant concern within the cybersecurity community.

Read Original Article

Related Coverage

Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited Months Before Disclosure

Security Affairs

A serious vulnerability in Cisco Catalyst SD-WAN, identified as CVE-2026-20245, has been exploited by hackers for months before it was publicly disclosed. This flaw, which has a CVSS score of 7.8, allows authenticated attackers to execute privileged commands on affected systems. Google-owned Mandiant reported that the exploitation occurred at least two months prior to the disclosure, raising concerns about the security of networks using this technology. Organizations using Cisco Catalyst SD-WAN should take immediate action to secure their systems, as this vulnerability poses a significant risk to network integrity. The incident serves as a reminder of the importance of timely disclosure and patch management in cybersecurity.

Jun 25, 2026