ATLAS · LIVE
ATLAS INDEX
Δ 24H
ACTIVE SOURCES20
HOTSPOTS20
TIME21:40:09 UTC
← All briefs
CRITICALCyber IntelligenceTuesday, June 16, 2026

Cisco Patches Exploited SD-WAN Zero-Day Under Active Attack

CVE-2026-20262 allows arbitrary file write on Catalyst SD-WAN Manager. Cisco confirms active exploitation in the wild.

Cisco has patched CVE-2026-20262, a zero-day vulnerability in its Catalyst SD-WAN Manager that attackers have exploited in live operations. The flaw permits arbitrary file write, a capability that can enable full system compromise.

The company disclosed the patch after becoming aware of active exploitation. This marks the second SD-WAN zero-day Cisco has addressed under live attack conditions in recent months, underscoring persistent targeting of enterprise network management platforms.

SD-WAN controllers manage routing, policy enforcement, and encryption across distributed networks. A write-anywhere primitive on such a platform grants an attacker the ability to inject malicious configurations, exfiltrate credentials, or pivot laterally across managed sites. Organizations running unpatched Catalyst SD-WAN Manager instances face immediate risk.

The rest of this brief is inside the platform

Continue reading. Free.

A free Atlas account unlocks the full briefing, the co-analyst, daily delivery to your inbox, and a sector-personalised feed.

Full brief
Implications, sources, methodology
Co-Analyst
Ask follow-ups on every brief
Sector feed
Briefs filtered to what matters to you
Implications
  • 01Enterprises using Catalyst SD-WAN Manager must patch immediately or face network-wide compromise.
  • 02Threat actors continue prioritizing SD-WAN infrastructure for initial access and lateral movement.
  • 03Security teams should audit SD-WAN controllers for indicators of prior exploitation.
Source
SecurityWeek
https://www.securityweek.com/cisco-patches-another-sd-wan-zero-day-exploited-in-attacks/
Brief is editorial commentary by Atlas Intelligence based on the cited public reporting. Atlas does not reproduce source text. Verify primary source before action.
#cisco#sd-wan#zero-day#cve-2026-20262#network security#exploitation
Related Briefs