EarlyNarratives
Pricing
Start free trialSign in
Start free trialSign in
Signal

Cisco patches actively exploited SD-WAN zero-day; Fortinet and Check Point vulnerabilities also targeted

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-06-15 20:13 UTCUpdated 2026-06-16 13:13 UTC
rss
cveexploitssecurity_toolingincident_responsesecurity_policy
Trend in the last 24h
Source links open
Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.
BackEvidence (6)Get the free brief by emailStart free trial
No card needed for the free brief.
Evidence trail (top sources)
top sources (4 domains)domains are deduped. counts indicate coverage, not truth.
4 top sources shown
Cisco security advisory (AV26-602)
Canadian Centre for Cyber Security - Alerts · News · cyber.gc.ca · 2026-06-16 12:26 UTC
View all evidence
Overview

Cisco has released security updates for a medium-severity zero-day vulnerability (CVE-2026-20262) in its Catalyst SD-WAN Manager software, which allows authenticated attackers to write arbitrary files and potentially escalate privileges.

Entities
CiscoFortinetCheck Point
Score total
1.58
Momentum 24h
6
Posts
6
Origins
5
Source types
1
Duplicate ratio
17%
Why now
  • Cisco's SD-WAN zero-day is currently exploited in the wild, requiring urgent mitigation.
  • Fortinet and Check Point vulnerabilities have been recently observed under active attack.
  • Security agencies have issued advisories and added these flaws to known exploited vulnerability databases.
Why it matters
  • Active exploitation of zero-day vulnerabilities poses immediate risk to enterprise networks.
  • Prompt patching is critical to prevent privilege escalation and unauthorized access.
  • Widespread use of outdated protocols like IKEv1 increases attack surface for VPN products.
LLM analysis
Topic mix: lowPromo risk: lowSource quality: high
Recurring claims
  • Cisco Catalyst SD-WAN Manager has a zero-day vulnerability (CVE-2026-20262) allowing arbitrary file write and privilege escalation, actively exploited in the wild.
  • Multiple critical vulnerabilities in Fortinet FortiSandbox, including CVE-2026-39813, are being actively exploited by attackers.
  • Check Point patched zero-day vulnerabilities (CVE-2026-50751 and CVE-2026-50752) in Remote and Mobile Access VPN products using IKEv1, which were exploited to gain unauthorized VPN access and deploy ransomware.
How sources frame it
  • SecurityWeek And CSO Online: neutral
All evidence
All evidence
Cisco security advisory (AV26-602)
Canadian Centre for Cyber Security - Alerts · cyber.gc.ca · 2026-06-16 12:26 UTC
Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week
thehackernews · thehackernews.com · 2026-06-16 10:30 UTC
Cisco patches SD-WAN flaw amid evidence of active exploitation
CSO Online · csoonline.com · 2026-06-16 09:45 UTC
Cisco Patches Another SD-WAN Zero-Day Exploited in Attacks
SecurityWeek · securityweek.com · 2026-06-16 06:20 UTC
NCSC-2026-0179 [1.01] [H/H] Kwetsbaarheden verholpen in Check Point Remote and Mobile Access VPN-producten
NCSC NL Security Advisories · advisories.ncsc.nl · 2026-06-16 13:13 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 5Origin domains: 5Duplicates: -
Showing 5 / 0
Top publishers (this list)
  • Canadian Centre for Cyber Security - Alerts (1)
  • thehackernews (1)
  • CSO Online (1)
  • SecurityWeek (1)
  • NCSC NL Security Advisories (1)
Top origin domains (this list)
  • cyber.gc.ca (1)
  • thehackernews.com (1)
  • csoonline.com (1)
  • securityweek.com (1)
  • advisories.ncsc.nl (1)