Zero-Day Exploitation of Vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager
A threat actor exploited a zero-day vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager to gain root-level access. The vulnerability stems from the device's file upload feature, which does not properly filter malicious data. The threat actor used anti-forensic techniques to evade detection and maintained access through unauthorized peering connections. SD-WAN users should ensure their devices are patched and implement proper security measures to prevent similar attacks. They should also watch for suspicious activity and maintain up-to-date backups.