Dark Reading ·EN Restricted Exploited in the wildCisco Catalyst SD-WAN
Attackers Hit Cisco SD-WAN Flaw 2 Months Before Disclosure
CVE Tools coverage
Mandiant reports that threat actors began exploiting a critical Cisco Catalyst SD-WAN flaw as early as March, about two months before Cisco’s early-June disclosure. The issue is tracked as CVE-2026-20245 and can let an attacker with administrator credentials execute commands that result in root-level access via the Cisco Catalyst SD-WAN Controller command-line interface. Because the vulnerability was added to CISA’s known exploited list and abused in attempts that also involved other SD-WAN Controller issues (CVE-2026-20182 and CVE-2026-20127), organizations should prioritize patching and hardening of Internet-facing network management components.