Cisco SD-WAN Zero-Day Vulnerability Actively Exploited

A critical command injection vulnerability in Cisco Catalyst SD-WAN Manager, identified as CVE-2026-20245, has been actively exploited for at least two months prior to its public disclosure. Attackers used this zero-day flaw to gain root access, create hidden accounts, and exfiltrate network configurations from a communications service provider. CISA has added this vulnerability to its list of known exploited flaws, urging immediate attention.