Cisco Catalyst SD-WAN Manager root privilege escalation flaw (CVE-2026-20245)

Vulnerability
H score 60
1 unique source, 1 article

Summary

CVE-2026-20245 in Cisco Catalyst SD-WAN Manager is an unpatched zero-day being actively exploited, exposing all deployment types to root command execution. Cisco said the flaw stems from insufficient validation of user-supplied input and can let a low-privilege local attacker run arbitrary commands as root. The issue was tied to exploitation first seen in June, with Cisco warning that impact can include configuration changes on edge devices.

Related Happenings

Cisco Secure Workload REST API validation/authentication flaw (CVE-2026-20223)

Vulnerability
First: 21.05.2026 15:04 Last: 21.05.2026 15:04 Sources 1

About this happening: **Cisco Secure Workload Cluster Software** was patched for **CVE-2026-20223**, a **critical** REST API flaw that could let attackers gain **Site Admin privileges** and cross tenan...

Cisco Catalyst SD-WAN authentication bypass flaw actively exploited (CVE-2026-20182)

Vulnerability
First: 14.05.2026 23:09 Last: 14.05.2026 23:09 Sources 1

About this happening: **CVE-2026-20182** is an actively exploited **authentication bypass** in **Cisco Catalyst SD-WAN Controller** and **Cisco Catalyst SD-WAN Manager**, creating a path to **administr...

Latest development: 14.05.2026 23:25

Cisco released a patch for CVE-2026-20182, giving organizations using Cisco Catalyst SD-WAN Controllers a way to block the authentication bypass before UAT-8616 can continue using it for administrative access, SSH key insertion, NETCONF changes, and root escalation.

Cisco Catalyst SD-WAN Manager information disclosure vulnerability (CVE-2026-20133)

Vulnerability
First: 21.04.2026 15:30 Last: 21.04.2026 15:30 Sources 1

About this happening: CISA moved **CVE-2026-20133** in **Cisco Catalyst SD-WAN Manager** into its **KEV Catalog**, signaling **active exploitation** against **unpatched devices** and forcing **FCEB age...

CISA KEV directive for CVE-2026-20133

Public Sector Action
First: 21.04.2026 15:30 Last: 21.04.2026 15:30 Sources 1

About this happening: On **Monday, April 21, 2026**, **CISA** added **CVE-2026-20133** to the **KEV Catalog** and ordered **FCEB agencies** to secure their networks by **Friday, April 24**. The directi...

Cisco Catalyst SD-WAN active exploitation wave

Exploitation Wave
First: 05.03.2026 14:15 Last: 05.03.2026 14:15 Sources 1

About this happening: **Cisco** confirmed **active exploitation** of **two recently patched Catalyst SD-WAN vulnerabilities**, creating immediate risk for exposed systems that have not been fully remed...

Timeline

  1. 05.06.2026 09:24 · 2 articles

    Initial report: Cisco Catalyst SD-WAN Manager root privilege escalation flaw (CVE-2026-20245)

    Initial Disclosure

    **Cisco Catalyst SD-WAN Manager** entered an active exploitation phase after Cisco warned on **Thursday** that **CVE-2026-20245** was being abused as a **zero-day** for **root privilege escalation**. The weakness was linked to exploitation seen in **June** and to malicious file uploads against the management system.
