Cisco confirms active exploitation of high-severity SD-WAN Manager flaw

Cisco has confirmed that a high-severity vulnerability in its Catalyst SD-WAN Manager software, tracked as CVE-2026-20245 with a CVSS score of 7.8, is being actively exploited in the wild. The flaw stems from insufficient validation of user-supplied input and could let an authenticated local attacker upload a specially crafted file to execute arbitrary commands with root privileges, opening the door to command injection and full privilege escalation. Cisco has urged customers running affected versions to apply available patches immediately rather than rely on temporary workarounds. The disclosure adds to a string of recent reports of attackers targeting widely deployed enterprise networking gear, underscoring the pressure security teams face to patch quickly once exploitation begins.