Cisco SD-WAN Manager Zero-Day CVE-2026-20245 Actively Exploited
Seventh actively exploited zero-day in Cisco SD-WAN this year; validation error allows authenticated attackers to execute root commands via command injection.
Attack Brief
Target: Cisco Catalyst SD-WAN Manager
Vector: Validation error enabling command injection via authenticated/local access
Technical Details
CVE IDs: CVE-2026-20245, CVE-2026-20182, CVE-2026-20127
MITRE ATT&CK: T1059, T1078
Impact
Confirmed Damage: Limited cases of configuration changes pushed to edge devices; exploitation requires valid credentials or prior compromise via CVE-2026-20182 or CVE-2026-20127
Mitigation
Patches: Patch availability: future date (not yet available as of disclosure)
Workarounds: No workarounds available; Cisco advised upgrading to fixed software released in May as mitigation for CVE-2026-20182
Detection: Cisco provided indicators of compromise with caveat that log entries may occur during standard operations; contact Cisco TAC for assistance distinguishing legitimate from malicious activity
Context
Similar Attacks: Seven Cisco SD-WAN and firewall vulnerabilities added to CISA KEV catalog in 2026; Cisco among most heavily targeted security vendors