Cisco warned customers about CVE-2026-20245, an unpatched Cisco Catalyst SD-WAN Manager vulnerability that is being exploited in the wild and can let an authenticated attacker run commands as root. The flaw requires netadmin privileges and has been linked to a series of Cisco SD-WAN exploits in 2026, including attacks previously associated with UAT-8616. #CVE-2026-20245 #CiscoCatalystSDWANManager #UAT-8616
Keypoints
- Cisco disclosed CVE-2026-20245 after confirming in-the-wild exploitation.
- The flaw affects the CLI of Cisco Catalyst SD-WAN Manager.
- An attacker can execute arbitrary commands as root through crafted files.
- Exploitation requires netadmin privileges, often gained through compromised credentials or other SD-WAN flaws.
- Cisco issued IoCs, but no workaround is available and a patch will come in a future release.
Read More: https://www.securityweek.com/cisco-warns-of-7th-sd-wan-zero-day-exploited-in-2026/