
CISCO WARNS OF UNPATCHED SD-WAN ZERO-DAY

SECURITY DESK · 2 MIN READ
SUN, JUN 7, 2026

■ AI-SUMMARIZED FROM 1 SOURCE

Cisco has disclosed a high-severity zero-day vulnerability in its Catalyst SD-WAN Manager that attackers are actively exploiting to gain root-level access. The flaw remains unpatched.

Cisco disclosed CVE-2026-20245, a critical vulnerability affecting Cisco Catalyst SD-WAN Manager, on Thursday. The zero-day enables attackers to escalate privileges to root level on affected systems. The vulnerability is being actively exploited in the wild, according to Cisco's advisory. The company provided no immediate timeline for a security patch, though it confirmed the issue requires urgent remediation.

SD-WAN (Software-Defined Wide Area Network) technology is widely deployed across enterprise networks to optimize traffic routing and reduce costs. Cisco's Catalyst SD-WAN Manager serves as a centralized control point for managing SD-WAN infrastructure, making it a critical asset for organizations relying on this architecture.

Root privilege escalation represents a severe threat, granting attackers complete control over affected systems. From this position, adversaries can install persistent backdoors, exfiltrate sensitive data, or move laterally within networks to compromise additional infrastructure.

Cisco has not disclosed the attack vector or technical details of the vulnerability pending patch availability. The company recommends organizations immediately review their SD-WAN deployments and implement network segmentation to limit access to the Catalyst SD-WAN Manager. Until a patch is released, Cisco suggests applying additional access controls, monitoring for suspicious activity, and isolating affected systems where possible. The company typically provides security updates through its standard advisory channels.

This disclosure adds to mounting pressure on enterprise security teams managing Cisco infrastructure, following several high-impact vulnerabilities in Cisco products over the past year. Organizations should prioritize testing and deploying the security update immediately upon release.

■ SOURCES

Bleeping Computer

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE
