Signal

Cisco Catalyst SD-WAN zero-day exploited months before patching


Published 2026-06-24 18:47 UTC · Updated 2026-06-25 14:15 UTC
cve, exploits, security_tooling, incident_response, security_policy
Evidence trail (top sources)
Top sources (4 domains). Domains are deduped; counts indicate coverage, not truth.
4 top sources shown
Why patch directives only go so far
CyberScoop · cyberscoop.com · 2026-06-25 09:00 UTC
The Hacker News
thehackernews.com · thehackernews.com · 2026-06-25 05:46 UTC
Overview

A critical vulnerability in Cisco Catalyst SD-WAN Manager (CVE-2026-20245) was exploited by unknown attackers at least two months before its public disclosure and patch release.

Entities
Cisco, Mandiant, Google, Check Point, Cisco Catalyst SD-WAN Manager, Eduard Kovacs, Tim Starks, Greg Otto
Score total: 1.73
Momentum 24h: 6
Posts: 6
Origins: 5
Source types: 1
Duplicate ratio: 0%
Why now
  • The vulnerability was exploited months before public disclosure and patching, revealing a dangerous window of exposure.
  • Multiple zero-days in Cisco SD-WAN have been actively exploited in 2026, indicating a persistent threat trend.
  • Recent emergency directives from CISA emphasize urgency for organizations to address these vulnerabilities immediately.
Why it matters
  • Cisco SD-WAN zero-day exploits enable attackers to gain root access, risking widespread network compromise.
  • Timely patching is critical but insufficient alone to prevent advanced persistent threats exploiting such vulnerabilities.
  • CISA's involvement underscores the national security implications of these vulnerabilities in widely used infrastructure.
LLM analysis
Topic mix: low · Promo risk: low · Source quality: high
Recurring claims
  • Cisco Catalyst SD-WAN zero-day CVE-2026-20245 was exploited months before public disclosure and patching
  • Attackers gained root-level access to a communications service provider via the Cisco SD-WAN zero-day
  • CISA has issued emergency directives and listed these Cisco SD-WAN vulnerabilities in its Known Exploited Vulnerabilities Catalog
How sources frame it
  • Greg Otto: neutral
This cluster highlights the ongoing risk posed by zero-day vulnerabilities in critical network infrastructure and the limitations of patching as a sole defense measure.
All evidence
The Hacker News
thehackernews.com · thehackernews.com · 2026-06-25 05:46 UTC
Cisco Vulnerability Exploited Months Before Disclosure, Google Warns
Infosecurity Magazine · infosecurity-magazine.com · 2026-06-25 14:15 UTC
Why patch directives only go so far
CyberScoop · cyberscoop.com · 2026-06-25 09:00 UTC
Cisco SD-WAN Zero-Day Exploited Months Before Patching
SecurityWeek · securityweek.com · 2026-06-25 06:08 UTC
UPDATE ALERT Cisco Catalyst SD-WAN Manager: CVSS (Max): 10.0
AusCERT - Bulletins · portal.auscert.org.au · 2026-06-25 01:42 UTC
Posts loaded: 0 · Publishers: 5 · Origin domains: 5 · Duplicates: -
Top publishers (this list)
  • thehackernews.com (1)
  • Infosecurity Magazine (1)
  • CyberScoop (1)
  • SecurityWeek (1)
  • AusCERT - Bulletins (1)
Top origin domains (this list)
  • thehackernews.com (1)
  • infosecurity-magazine.com (1)
  • cyberscoop.com (1)
  • securityweek.com (1)
  • portal.auscert.org.au (1)