Cisco is dealing with a new zero-day vulnerability in its SD-WAN management software, marking the seventh such issue this year. The vulnerability, CVE-2026-20245, was discovered by Mandiant and is currently being exploited, but no security patch or workaround is available yet. The defect allows attackers with valid credentials or privileged access to execute root commands, leading to command-injection attacks. While the impact may be limited due to the requirement of existing privileges, previous vulnerabilities could potentially be used to exploit this new flaw. Cisco has advised customers to upgrade to a fixed software version released in May as a precaution and provided indicators of compromise to help distinguish between legitimate and malicious activities. The company is among the most targeted by cyber attacks, with several vulnerabilities added to the Cybersecurity and Infrastructure Security Agency’s catalog this year.
Are Cisco customers facing another SD-WAN zero-day attack?
