AI description
CVE-2026-20245 is a command injection vulnerability found in the command-line interface (CLI) of Cisco Catalyst SD-WAN Manager, previously known as SD-WAN vManage. This flaw arises from insufficient validation of user-supplied input, allowing an authenticated attacker with netadmin privileges to upload a specially crafted file. Upon successful exploitation, the attacker can execute arbitrary commands as root on the affected system. Cisco has observed limited instances of this vulnerability being exploited in the wild, with some cases resulting in configuration changes being pushed to edge devices. It is noted that the required netadmin privileges can be obtained either through valid credentials or by leveraging other vulnerabilities, such as CVE-2026-20182 or CVE-2026-20127.
- Description
- A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by uploading a crafted file to the affected system. A successful exploit could allow the attacker to perform command injection attacks on an affected system and elevate their privileges as the root user. To exploit this vulnerability, the attacker must have netadmin privileges on the affected system. This would require valid credentials or exploitation of or . Cisco is not aware of successful exploitation by other methods. Cisco has observed limited cases where the exploitation of this bug resulted in a configuration change pushed to edge devices. Cisco recommends that customers upgrade to the fixed software that is documented in the that was published on May 14, 2026, and verify the configuration of the edge devices.
- Source
- psirt@cisco.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- psirt@cisco.com
- CWE-116
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
4
CVE-2026-20245: Cisco SD-WAN Manager zero-day, actively exploited, no patch yet. Attackers had at least a week before disclosure. If you run Catalyst SD-WAN Manager: restrict management access to trusted IPs only. Treat as compromised until Cisco patches. #CVE #infosec https://t.
@byte_guard_blog
6 Jun 2026
59 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
1/2 🚨 Critical Zero-Day Alert: Cisco SD-WAN Manager Under Active Attack (No Patch Yet) 🚨 https://t.co/QN4wt9D6Zc Cisco has just dropped a high-severity security advisory for a new zero-day vulnerability (CVE-2026-20245) affecting the Command-Line Interface (CLI) of Cisco h
@CyberDhaal
6 Jun 2026
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-48595 2 - CVE-2026-28318 3 - CVE-2026-20245 4 - CVE-2018-17144 5 - CVE-2026-20230 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
6 Jun 2026
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco just disclosed CVE-2026-20245 - the 7th SD-WAN Manager zero-day exploited in the wild in 2026. Authenticated netadmin → root RCE via crafted file upload. If you run Catalyst SD-WAN, patch now. #ZeroDay #InfoSec #Cybersecurity
@infrasecserv
6 Jun 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco warned that CVE-2026-20245 in Catalyst SD-WAN Manager is under active exploitation. The flaw lets authenticated attackers execute arbitrary commands as root. https://t.co/EH0V2OgvbW #Cisco #CVE #Catalyst #SDWAN #RCE #CybersecurityNews #CyberSecurity #ThreatResQ
@ThreatResq
6 Jun 2026
29 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Cisco SD-WAN got its 7th zero-day IN 2026 - CVE-2026-20245 actively exploited, no patch. Attackers chain auth bypass bugs for root on Catalyst SD-WAN Manager. No workarounds. Audit edge configs. https://t.co/vuWu5xMFOM
@BunSnack
6 Jun 2026
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited - No Patch Available https://t.co/bab2X6wKXX
@wvipersg
6 Jun 2026
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited - No Patch Available https://t.co/6zvDXHdhUq
@cloudsecla14661
6 Jun 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited - No Patch Available https://t.co/5v8GLFHrYw
@pigram86
6 Jun 2026
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited - No Patch Available https://t.co/1WJ8LidwSg
@molari999
6 Jun 2026
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited - No Patch Available https://t.co/jFT59ttegb https://t.co/EOk7YIsWbd
@evanderburg
6 Jun 2026
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited - No Patch Available https://t.co/kv3xWVsavi https://t.co/Vov1rjCJXQ
@RigneySec
6 Jun 2026
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2026-20245: Cisco 7th SD-WAN Zero-Day - Unpatched Root Escalation, No Patch Available https://t.co/jwZiMu1UkX
@seanwalker64354
6 Jun 2026
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Cisco discloses CVE-2026-20245 - the 7th SD-WAN zero-day exploited in 2026. No patch available. Affects Catalyst SD-WAN Manager on-prem, cloud, and FedRAMP. Grants root command execution. Reported by Mandiant after Cisco confirmed active exploitation in the wild. #Cisco
@Divinmentis
6 Jun 2026
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Cisco SD-WAN 0-day exploited, no patch available (CVE-2026-20245) https://t.co/zUUuc3y8po
@Whitehead4Jeff
5 Jun 2026
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco SD-WAN (CVE-2026-20245) & Unified CM (CVE-2026-20230) actively exploited. Windows DNS Client RCE (CVE-2026-41096) & Oracle WebLogic Proxy (CVE-2026-21962) pose critical risks. Data privacy & integrity in transit are at stake. #Cybersecurity #News
@YourAnon_irc
5 Jun 2026
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco Patches CVE-2026-20245 Zero-Day in SD-WAN Manager #cve202620245 #ciscosdwan #zerodayexploit https://t.co/ZWKCTVzv9Y
@Anavem_
5 Jun 2026
393 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Just confirmed: a zero-day privilege escalation vulnerability in Cisco Catalyst SD-WAN Manager, identified as CVE-2026-20245, is being exploited by attackers. Cisco Catalyst SD-WAN Manager is the affected product, and it requires the privileges of netadmi
@BotBauR
5 Jun 2026
215 Impressions
2 Retweets
5 Likes
3 Bookmarks
0 Replies
0 Quotes
🚨 High - Cisco Catalyst SD-WAN Manager Authenticated Command Injection / Root Privilege Escalation (CVE-2026-20245) A command injection flaw in Cisco Catalyst SD-WAN Manager's CLI allows an attacker with netadmin privileges to upload a specially crafted file that triggers
@UpwindMDR
5 Jun 2026
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco SD-WAN 0-day exploited, no patch available (CVE-2026-20245): A 0-day privilege escalation vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager that has yet to be patched by Cisco is being leveraged by attackers. “To exploit this… https://t.co/04S1Ud3ABc https
@shah_sheikh
5 Jun 2026
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco informed customers about CVE-2026-20245, the seventh SD-WAN product vulnerability exploited in the wild in 2026. https://t.co/ojjjaSGQKn
@EduardKovacs
5 Jun 2026
119 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes