
CVE-2026-20245 Zero-Day Exploited in Cisco Catalyst SD-WAN Manager to Gain Root Access
A newly disclosed zero-day vulnerability, CVE-2026-20245, has been exploited by a threat actor targeting Cisco Catalyst SD-WAN Manager. By exploiting a flaw in the platform's file to upload functionality, the threat actor escalated privileges from a compromised administrative account to root access and used extensive anti-forensic measures to erase evidence of the attack.
Threat Actor Abused Cisco Catalyst SD-WAN Manager to Gain Root Access
Mandiant found that the threat actor initially established unauthorized peering connections before accessing Cisco Catalyst SD-WAN Manager over SSH. In March 2026, the attacker authenticated using the default vmanage-admin account, changed the defaul...