Attackers are actively exploiting a critical zero-day vulnerability in Cisco Catalyst SD-WAN Manager. The flaw, identified as CVE-2026-20245, allows authenticated users to execute arbitrary commands with root privileges. Cisco has not yet released a patch for this command injection and privilege escalation issue.
Google Mandiant researchers confirmed that attackers are using the flaw to push unauthorized configuration changes. These exploits target SD-WAN edge devices to disrupt network segmentation, routing, and security policies. Because the flaw requires an authenticated user, threat actors are chaining this zero-day with authentication bypass vulnerabilities to gain initial access.