Catalyst SD-WAN Manager
Coverage of Catalyst SD-WAN Manager in the Nexus archive.
- Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw
Cisco has released security updates to address a medium-severity vulnerability (CVE-2026-20262) in its Catalyst SD-WAN Manager, which is being actively exploited. The flaw allows an authenticated remote attacker to create files via the web UI, with a CVSS score of 6.5.
- Cisco SD-WAN make-me-root bug under attack
Cisco issued a fix for a critical vulnerability (CVE-2026-20262) in its Catalyst SD-WAN Manager, which attackers are actively exploiting to gain root privileges. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its Known Exploited Vulnerabilities catalog and mandated federal agencies to patch within two weeks. The vulnerability arises from improper input validation during file uploads, requiring valid credentials for exploitation.
- Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available
Cisco has issued a warning about a high-severity security flaw (CVE-2026-20245) in its Catalyst SD-WAN Manager, which is being actively exploited. The vulnerability, with a CVSS score of 7.8, affects multiple deployment types including On-Prem, Cloud-Pro, Cloud (Cisco Managed), and SD-WAN for Government (FedRAMP). No patch is currently available.
- Yet another Cisco SD-WAN 0-day under attack, and no patch in sight
Cisco's SD-WAN management software is under attack due to a high-severity zero-day vulnerability (CVE-2026-20245), which allows authenticated attackers to escalate privileges and execute commands. Cisco has not yet released a patch, and this is the sixth SD-WAN vulnerability exploited since the year began.
- CISA flags new SD-WAN flaw as actively exploited in attacks
CISA has warned U.S. government agencies to address a critical vulnerability in the Catalyst SD-WAN Manager, which is being actively exploited in cyberattacks. The agency has given four days to secure systems against this flaw.