Unknown attackers are actively exploiting a significant zero-day vulnerability in Cisco’s SD-WAN management software, identified as CVE-2026-20245. Cisco has not provided a timeline for when a patch will be available.
Details of the Vulnerability
The vulnerability arises from a validation error, which allows an authenticated local attacker to upload a specially crafted file to affected systems. This can lead to privilege escalation, enabling the attacker to execute commands with root privileges. All versions of the SD-WAN software are affected, regardless of deployment type, including on-premises, cloud-based, and FedRAMP-certified environments.
Current Exploitation Status
Cisco confirmed that it became aware of attacks exploiting this vulnerability in early June 2026. To successfully exploit this flaw, an attacker must possess netadmin privileges on the affected system. This typically requires valid credentials or prior exploitation of other vulnerabilities, specifically CVE-2026-20182 or CVE-2026-20127. Cisco has stated that it is not aware of successful exploitation through other means.
Recommendations and Context
In light of the ongoing exploitation, Cisco advises customers to upgrade to the fixed software released in May 2026 for CVE-2026-20182 as a precautionary measure. That upgrade addresses one of the prerequisite flaws through which an attacker can obtain the netadmin privileges this exploit requires; it does not fix CVE-2026-20245 itself, for which a patch will be issued at a later date. Customers seeking assistance are encouraged to contact Cisco’s Technical Assistance Center (TAC).
Broader Implications
This is the sixth SD-WAN vulnerability under active attack in 2026 and the second zero-day vulnerability reported in just two months. Previous vulnerabilities, including CVE-2026-20128, CVE-2026-20133, and CVE-2026-20122, were also exploited by attackers earlier this year. The repeated targeting of Cisco’s SD-WAN software points to a troubling trend: malicious actors are persistently seeking root access to critical network infrastructure.
This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.








