EarlyNarratives
Pricing
Start free trialSign in
Start free trialSign in
Storyline

Cisco SD-WAN zero-day exploited months before patching

A critical vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager was actively exploited by threat actors for at least three months before its public disclosure and patch release in early June 2026.

Published 2026-06-15 12:48 UTCUpdated 2026-06-25 20:58 UTC
Current brief openSource links open
This current storyline is open here with summary, metadata, source links, continuity context, and full evidence. Paid is for compare-over-time, alerts, exports, and workflow.
BackEvidence (5)Get the free brief by emailStart free trial
No card needed for the free brief.
Evidence trail (top sources)
top sources (4 domains)domains are deduped. counts indicate coverage, not truth.
4 top sources shown
Breach Roundup: How Hackers Exploited a Cisco SD-WAN Flaw
BankInfoSecurity · News · bankinfosecurity.com · 2026-06-25 20:58 UTC
Why patch directives only go so far
CyberScoop · News · cyberscoop.com · 2026-06-25 09:00 UTC
Cisco SD-WAN Zero-Day Exploited Months Before Patching
SecurityWeek · News · securityweek.com · 2026-06-25 06:08 UTC
View all evidence
Overview

A critical vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager was actively exploited by threat actors for at least three months before its public disclosure and patch release in early June 2026.

Score total
1.59
Momentum 24h
5
Posts
5
Origins
5
Source types
1
Duplicate ratio
0%
Why now
  • Cisco's patch was released only recently after months of exploitation.
  • Mandiant's findings reveal ongoing active threats exploiting this flaw.
  • Emphasizes urgency for organizations to improve detection and response capabilities.
Why it matters
  • Exploitation before patching increases risk of widespread breaches.
  • Highlights the need for proactive security beyond patching.
  • Demonstrates attackers' ability to leverage zero-days for extended periods.
Continuity snapshot
  • Trend status: top.
  • Continuity stage: broad_confirmed.
  • Current status: open.
  • 5 current source-linked posts are attached to this storyline.
All evidence
All evidence
Breach Roundup: How Hackers Exploited a Cisco SD-WAN Flaw
BankInfoSecurity · bankinfosecurity.com · 2026-06-25 20:58 UTC
Cisco Vulnerability Exploited Months Before Disclosure, Google Warns
Infosecurity Magazine · infosecurity-magazine.com · 2026-06-25 14:15 UTC
Why patch directives only go so far
CyberScoop · cyberscoop.com · 2026-06-25 09:00 UTC
Cisco SD-WAN Zero-Day Exploited Months Before Patching
SecurityWeek · securityweek.com · 2026-06-25 06:08 UTC
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access
thehackernews · thehackernews.com · 2026-06-25 05:46 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 5Origin domains: 5Duplicates: -
Showing 5 / 0
Top publishers (this list)
  • BankInfoSecurity (1)
  • Infosecurity Magazine (1)
  • CyberScoop (1)
  • SecurityWeek (1)
  • thehackernews (1)
Top origin domains (this list)
  • bankinfosecurity.com (1)
  • infosecurity-magazine.com (1)
  • cyberscoop.com (1)
  • securityweek.com (1)
  • thehackernews.com (1)