VulnHub

Real-time Cybersecurity News

Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited Months Before Disclosure

Security Affairs
Actively Exploited
2 Sources
Reporting on this topic
The Hacker NewsSecurity Affairs
CVEZero-dayGoogleCiscoVulnerabilityPatch

Overview

A serious vulnerability in Cisco Catalyst SD-WAN, identified as CVE-2026-20245, has been exploited by hackers for months before it was publicly disclosed. This flaw, which has a CVSS score of 7.8, allows authenticated attackers to execute privileged commands on affected systems. Google-owned Mandiant reported that the exploitation occurred at least two months prior to the disclosure, raising concerns about the security of networks using this technology. Organizations using Cisco Catalyst SD-WAN should take immediate action to secure their systems, as this vulnerability poses a significant risk to network integrity. The incident serves as a reminder of the importance of timely disclosure and patch management in cybersecurity.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Cisco Catalyst SD-WAN
  • Action Required: Organizations should apply the latest security updates from Cisco for the Catalyst SD-WAN and ensure that all systems are patched against CVE-2026-20245.
  • Timeline: Disclosed on [date of the article, October 2023]

Original Article Summary

Hackers exploited Cisco Catalyst SD-WAN flaw CVE-2026-20245 as a zero-day months before disclosure, enabling privileged command execution. Google-owned Mandiant reported that an unknown threat actor exploited Cisco Catalyst SD-WAN vulnerability CVE-2026-20245 (CVSS base score of 7.8) as a zero-day at least two months before it was publicly disclosed. The flaw allows an authenticated attacker with […]

Impact

Cisco Catalyst SD-WAN

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Disclosed on [date of the article, October 2023]

Remediation

Organizations should apply the latest security updates from Cisco for the Catalyst SD-WAN and ensure that all systems are patched against CVE-2026-20245. Regularly monitor for any updates from Cisco regarding this vulnerability and implement additional security measures such as network segmentation and strict access controls.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to CVE, Zero-day, Google, and 3 more.

Multiple Sources: This threat is being reported by 2 different security sources, indicating significant concern within the cybersecurity community.

Read Original Article

Related Coverage

Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access

The Hacker News

A recently discovered vulnerability in Cisco Catalyst SD-WAN has been exploited by an unknown attacker for at least two months before its public disclosure. This security flaw, identified as CVE-2026-20245, has a high severity rating of 7.8 and allows an authenticated local attacker to execute arbitrary commands with elevated privileges. This means that if an attacker gains access to a system, they could potentially take control of critical functions within the network. Companies using Cisco Catalyst SD-WAN should be aware of the risk posed by this vulnerability and take immediate action to protect their systems. The findings from Mandiant underscore the importance of timely patching and monitoring for unusual activity in network environments.

Jun 25, 2026