Security
Cisco SD-WAN CVE-2026-20245 still unpatched; active exploitation confirmed
- Category: Security
- Status: confirmed
- Sources: Cisco advisory, Help Net Security
- Summary: CVE-2026-20245 is a command injection flaw in the Cisco Catalyst SD-WAN Manager, Controller, and Validator CLI that allows a local attacker with
netadminprivileges to execute arbitrary commands as root. Cisco confirmed active exploitation in limited cases, credited Mandiant with reporting. No patch is available as of 2026-06-12. CISA added the CVE to KEV on 2026-06-09. Cisco's interim guidance is to upgrade to the fixed software from CVE-2026-20182 and collect admin-tech output as forensic evidence before upgrading. - Why it matters: Network teams running Cisco SD-WAN have no patch path; any system with
netadmincredentials exposed is potentially compromised. - Follow-up: Watch for Cisco patch release.