Critical Vulnerability in Cisco SD-WAN Exploited Prior to Public Disclosure
Security researchers at Google-owned Mandiant have uncovered evidence that a high-severity vulnerability in Cisco Catalyst SD-WAN was actively exploited in the wild months before its public disclosure. The vulnerability, designated CVE-2026-20245, carries a CVSS score of 7.8 and represents a significant threat to organizations using the popular networking solution. What makes this discovery particularly alarming is that threat actors leveraged the flaw as a zero-day, demonstrating a sophisticated understanding of enterprise network infrastructure.
The vulnerability allows an authenticated, local attacker to execute arbitrary commands with elevated privileges on affected SD-WAN implementations. This capability essentially provides root access to the underlying system, enabling malicious actors to potentially compromise entire network segments, exfiltrate sensitive data, or establish persistent access points. While the affected parties are specifically organizations deploying Cisco Catalyst SD-WAN products, the broader implications extend to any enterprise relying on software-defined networking architectures, as similar vulnerabilities could exist across the ecosystem.
For