Dark Reading First observed
Attackers Hit Cisco SD-WAN Flaw 2 Months Before Disclosure ↗
Researchers believe rogue peering was used to connect to the victim's SD-WAN devices to gain admin privileges and root-level access.
4 reports · 4 sources · tracked since 11h ago
Actively exploited
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access
AI synthesis Mandiant found threat actors exploited Cisco Catalyst SD-WAN zero-day CVE-2026-20245 as a zero-day two months before disclosure, creating rogue root accounts on devices.
Why this ranks Transparent score: 29
Editorially featured by AI
coverage +12 source breadth +8 urgency +5 freshness +4
What changed
Coverage timeline
Every report remains linked to its original publisher.
-
- BleepingComputer Coverage expanded
Mandiant reveals how Cisco SD-WAN zero-day attacks gained root access ↗
New details have been revealed on how hackers exploited a Cisco Catalyst SD-WAN vulnerability tracked as CVE-2026-20245 in zero-day attacks to create rogue root accounts on targeted devices. [...]
- The Hacker News Coverage expanded
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access ↗
An unknown threat actor exploited a recently disclosed high-severity security flaw impacting Cisco Catalyst SD-WAN as a zero-day at least two months before it was publicly disclosed, according to new findings from Google-owned Mandiant. The vulnerability, tracked as CVE-2026-2...
- SecurityWeek Coverage expanded
Cisco SD-WAN Zero-Day Exploited Months Before Patching ↗
CVE-2026-20245, the 7th Cisco SD-WAN vulnerability exploited in 2026, was used for months prior to its disclosure and patching. The post Cisco SD-WAN Zero-Day Exploited Months Before Patching appeared first on SecurityWeek.