ATLAS · LIVE
ATLAS INDEX
Δ 24H
ACTIVE SOURCES20
HOTSPOTS20
TIME21:45:58 UTC
← All briefs
HIGHCyber IntelligenceFriday, June 5, 2026

Cisco warns of active zero-day in SD-WAN Manager

Unpatched vulnerability allows attackers to escalate to root privileges on Catalyst SD-WAN Manager; no fix yet available.

Cisco disclosed Thursday that attackers are actively exploiting a high-severity zero-day vulnerability in its Catalyst SD-WAN Manager platform. Tracked as CVE-2026-20245, the flaw permits authenticated attackers to escalate privileges to root level on affected systems.

The vulnerability resides in the web interface of Cisco Catalyst SD-WAN Manager, a centralized management platform used by enterprises to configure and monitor software-defined wide area networks. Exploitation requires prior authentication, but once inside, an attacker can execute arbitrary commands with root privileges.

Cisco has not yet released a patch. The company confirmed active exploitation in the wild but provided no timeline for remediation. Organizations running Catalyst SD-WAN Manager should assume compromise is feasible for any actor with valid credentials or access to the management interface.

The rest of this brief is inside the platform

Continue reading. Free.

A free Atlas account unlocks the full briefing, the co-analyst, daily delivery to your inbox, and a sector-personalised feed.

Full brief
Implications, sources, methodology
Co-Analyst
Ask follow-ups on every brief
Sector feed
Briefs filtered to what matters to you
Implications
  • 01Enterprises using Cisco Catalyst SD-WAN Manager face elevated risk of network compromise until patch release.
  • 02Attackers with valid credentials can gain root access, enabling traffic interception and infrastructure reconfiguration.
  • 03Managed service providers operating SD-WAN infrastructure for clients should audit access controls immediately.
Source
BleepingComputer
https://www.bleepingcomputer.com/news/security/new-cisco-sd-wan-flaw-exploited-in-zero-day-attacks-to-gain-root/
Brief is editorial commentary by Atlas Intelligence based on the cited public reporting. Atlas does not reproduce source text. Verify primary source before action.
#cisco#zero-day#sd-wan#privilege escalation#cve-2026-20245#network security
Related Briefs