
🛡️ **BREAKING // SECURITY ALERT - CISCO CATALYST SD-WAN ZERO-DAY ACTIVELY EXPLOITED (CVE-2026-20245)**
Published Thursday, June 25, 2026 at 12:50 AM PT

Organizations running Cisco Catalyst SD-WAN Manager are under active exploitation via an unpatched or recently patched zero-day vulnerability enabling root-level access; immediate assessment and mitigation action required.

DETAILS

CVE-2026-20245 affects Cisco Catalyst SD-WAN Manager and has been confirmed exploited in the wild; Mandiant has published technical analysis detailing how attackers leveraged the flaw to achieve root access on affected systems.

Google Threat Intelligence confirms zero-day exploitation, with attackers observed selectively deleting and restoring system configuration files, a technique consistent with persistent access operations and evidence destruction.

CyberScoop reports at least one confirmed victim is a communications service provider, where threat actors obtained the highest available access level. Attribution and broader victim scope remain unconfirmed at this time.

SecurityWeek reports the vulnerability was exploited for an extended period prior to patching, making this the seventh Cisco SD-WAN vulnerability exploited in 2026.

Patch availability status should be verified directly with Cisco; it is unclear from available reporting whether a full patch is currently released or still pending.

This event occurs alongside separate active exploitation of Cisco Unified CM (CVE-2026-20230), indicating a broader threat actor focus on Cisco network infrastructure in the current period.

IMPACT ...