CVE Tools
Back to feed
The Hacker News ·EN News source Exploited in the wildCisco Catalyst SD-WAN

Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access

By The Hacker News··3 min read
CVE Tools coverage

Mandiant reports that an unknown actor exploited a Cisco Catalyst SD-WAN zero-day tracked as CVE-2026-20245 (CVSS 7.8) well before public disclosure, achieving elevated execution by feeding a crafted file that bypasses insufficient input validation. The attack targeted Cisco Catalyst SD-WAN controllers and included credential and anti-forensics activity, with unauthorized peering connections also linked to CVE-2026-20127 and CVE-2026-20182 during earlier observed activity. This matters because edge network devices like Cisco Catalyst SD-WAN often lack deep telemetry, making detection and forensic investigation harder after compromise.