CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ⬡ Vulnerabilities & CVEs Jun 06, 2026

Cisco warns zero-day flaw in SD-WAN is being exploited - Cybersecurity Dive

Cybersecurity Dive Archived Jun 06, 2026 ✓ Full text saved

Cisco warns zero-day flaw in SD-WAN is being exploited Cybersecurity Dive

Full text archived locally
✦ AI Summary · Claude Sonnet


    Cisco warns zero-day flaw in SD-WAN is being exploited The company cautioned that no current patches are available and the flaw could allow an attacker to conduct command injection attacks. Published June 5, 2026 David Jones Reporter Share License Add us on Google Cisco exhibition booth at Hannover Messe in Hannover, Germany, on April 2, 2019. The company in June 2026 warned of a zero-day vulnerability in Cisco Catalyst SD-WAN being exploited by hackers. Alamy Cisco on Thursday warned of a zero-day vulnerability in its Catalyst SD-WAN product that could allow an attacker to execute arbitrary commands as root.  The vulnerability, tracked as CVE-2026-20245, is the result of insufficient validation of user-supplied input. The flaw, which has a severity score of 7.8, could allow an attacker to conduct command-injection attacks and elevate privileges as the root user.  The company said it has confirmed a limited number of cases where the flaw was exploited, leading to a configuration change being pushed to edge devices.  Patch pending Cisco has thus far not released any patches and has no current workarounds.  The vulnerability was disclosed by Mandiant. A spokesperson for Google Threat Intelligence Group, which Mandiant is part of, was not immediately available. The company cautioned that in order to exploit the flaw, an attacker must have network administrator privileges on an affected system. This can be obtained only through valid credentials or prior exploitation of CVE-2026-20182, an authentication bypass flaw, or CVE-2026-20127, a flaw in the SD-WAN peering mechanism. Cisco is recommending customers upgrade to the software version disclosed in the May 14 advisory, which was linked to the disclosure of CVE-2026-20182. The company said in a statement the move would be considered “a protective measure.”   The company said a patch will be issued for CVE-2026-20245 in a future release date, but officials did not disclose a specific time frame. Customers needing help addressing these steps should contact the Cisco Technical Assistance Center, according to the spokesperson. The zero-day flaw is being disclosed about three weeks after CVE-2026-20182, which was a critical vulnerability with a severity score of 10. That vulnerability was immediately added to the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities catalog.  Cisco Talos researchers linked the exploitation activity for the May threat activity to a threat actor tracked as UAT-8616. The same attacker had been linked to exploitation of CVE-2026-20127. Add us on Google Share PURCHASE LICENSING RIGHTS Filed Under: Vulnerability, Threats
    💬 Team Notes
    Article Info
    Source
    Cybersecurity Dive
    Category
    ⬡ Vulnerabilities & CVEs
    Published
    Jun 06, 2026
    Archived
    Jun 06, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗