Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026

Cisco released CVE-2026-20245, a root RCE in Catalyst SD-WAN Manager affecting authenticated netadmin users through malicious file uploads. This is the seventh SD-WAN zero-day exploited this year with confirmed cases of attackers modifying edge device configurations. No patches exist yet and workarounds are unavailable.

CRITICALAdvisoryJun 06, 2026

Action required

Immediately inventory all Catalyst SD-WAN Manager instances and restrict netadmin account access to only necessary personnel. Monitor SD-WAN Manager file upload activity and edge device configuration change logs for anomalies while awaiting patches.

Affected products

CiscoCatalyst SD-WAN ManagerMandiant

CVE IDs

CVE-2026-20245

Linked articles

Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026

Source links

https://www.securityweek.com/cisco-warns-of-7th-sd-wan-zero-day-exploited-in-2026/