Cisco SD-WAN Zero-Day CVE-2026-20245: Root-Level Command Injection Exploited Two Months Before Disclosure
By
HackMoN Ai
13d ago· 8 min readenNews
Summary
Mandiant revealed that attackers exploited a critical zero-day command injection vulnerability (CVE-2026-20245, CVSS 7.8) in Cisco Catalyst SD-WAN Manager as early as March 2026, approximately two months before Cisco's public disclosure. The flaw allows authenticated attackers with netadmin privileges to execute arbitrary commands as root by uploading a crafted file, highlighting the ongoing threat to network infrastructure from sophisticated adversaries.
Source
bskyCisco SD-WAN Zero-Day CVE-2026-20245: Root-Level Command Injection Exploited Two Months Before Disclosureundercodetesting.comKey quotes
· 3 pulledMandiant has revealed that attackers exploited a critical zero-day vulnerability in Cisco Catalyst SD-WAN Manager—tracked as CVE-2026-20245—as early as March 2026, roughly two months before Cisco publicly disclosed it.
This high-severity command injection flaw (CVSS 7.8) allows authenticated attackers with netadmin privileges to execute arbitrary commands as root by uploading a crafted file.
In a stark reminder that network infrastructure remains a prime target for sophisticated adversaries...
Cisco SD-WAN Zero-Day CVE-2026-20245: The Root-Level Backdoor That Lurked for Two Months + Video - "Undercode Testing": Monitor hackers like a pro. Get
You might also wanna read
Cisco discloses actively exploited zero-day affecting up to 2 million IOS and IOS XE devices
Cisco disclosed an actively exploited zero-day vulnerability (CVE-2025-20352) affecting all supported versions of Cisco IOS and IOS XE, pote
arstechnica.com·9mo ago
WAF - WAF Release - 2025-10-07 - Emergency
Cloudflare·9mo ago

WAF - WAF Release - 2025-09-28 - Emergency
Cloudflare·9mo ago

WAF - WAF Release - 2025-08-18
Cloudflare·10mo ago

WAF - WAF Release - 2025-11-21
Cloudflare·7mo ago

WAF - WAF Release - 2026-06-23
Cloudflare·15d ago

Comments
Sign in to join the conversation.
No comments yet. Be the first.