• Category: Security
  • Status: confirmed
  • Sources: Cisco advisory, Help Net Security
  • Summary: CVE-2026-20245 is a command injection flaw in the Cisco Catalyst SD-WAN Manager, Controller, and Validator CLI that allows a local attacker with netadmin privileges to execute arbitrary commands as root. Cisco confirmed active exploitation in limited cases, credited Mandiant with reporting. No patch is available as of 2026-06-12. CISA added the CVE to KEV on 2026-06-09. Cisco's interim guidance is to upgrade to the fixed software from CVE-2026-20182 and collect admin-tech output as forensic evidence before upgrading.
  • Why it matters: Network teams running Cisco SD-WAN have no patch path; any system with netadmin credentials exposed is potentially compromised.
  • Follow-up: Watch for Cisco patch release.

Send feedback on this story