Cisco Patches Exploited SD-WAN Zero-Day Under Active Attack
CVE-2026-20262 allows arbitrary file write on Catalyst SD-WAN Manager. Cisco confirms active exploitation in the wild.
Cisco has patched CVE-2026-20262, a zero-day vulnerability in its Catalyst SD-WAN Manager that attackers have exploited in live operations. The flaw permits arbitrary file write, a capability that can enable full system compromise.
The company disclosed the patch after becoming aware of active exploitation. This marks the second SD-WAN zero-day Cisco has addressed under live attack conditions in recent months, underscoring persistent targeting of enterprise network management platforms.
SD-WAN controllers manage routing, policy enforcement, and encryption across distributed networks. A write-anywhere primitive on such a platform grants an attacker the ability to inject malicious configurations, exfiltrate credentials, or pivot laterally across managed sites. Organizations running unpatched Catalyst SD-WAN Manager instances face immediate risk.
- Enterprises using Catalyst SD-WAN Manager must patch immediately or face network-wide compromise.
- Threat actors continue prioritizing SD-WAN infrastructure for initial access and lateral movement.
- Security teams should audit SD-WAN controllers for indicators of prior exploitation.