Cisco has issued a warning regarding a high-severity, unpatched zero-day vulnerability in Cisco Catalyst SD-WAN Manager, tracked as CVE-2026-20245. This flaw is being actively exploited in the wild and allows local attackers with low privileges to escalate their permissions to root level. The vulnerability affects multiple deployment models, including on-premises and cloud-managed systems, and stems from insufficient validation of user-supplied input during file uploads.
Successful exploitation requires the attacker to already possess netadmin privileges, which Cisco notes can be achieved through the exploitation of other previously patched vulnerabilities like CVE-2026-20182 or CVE-2026-20127. While official security patches for CVE-2026-20245 are not yet available, organizations are advised to monitor their system logs for specific indicators of compromise provided by Cisco and ensure that related vulnerabilities used for initial access are addressed.
Top comments (0)