Storyline

Cisco patches actively exploited SD-WAN zero-day; Fortinet and Check Point vulnerabilities also targeted

Cisco has released security updates for a medium-severity zero-day vulnerability (CVE-2026-20262) in its Catalyst SD-WAN Manager software, which allows authenticated attackers to write arbitrary files and potentially escalate privileges.

Published 2026-06-15 12:48 UTCUpdated 2026-06-16 13:13 UTC

Current brief openSource links open

This current storyline is open here with summary, metadata, source links, continuity context, and full evidence. Paid is for compare-over-time, alerts, exports, and workflow.

Back Evidence (6)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (4 domains)

4 top sources shown

Breach Roundup: How Hackers Exploited a Cisco SD-WAN Flaw

BankInfoSecurity · News · bankinfosecurity.com · 2026-06-25 20:58 UTC

Cisco Vulnerability Exploited Months Before Disclosure, Google Warns

Infosecurity Magazine · News · infosecurity-magazine.com · 2026-06-25 14:15 UTC

Why patch directives only go so far

CyberScoop · News · cyberscoop.com · 2026-06-25 09:00 UTC

Cisco SD-WAN Zero-Day Exploited Months Before Patching

SecurityWeek · News · securityweek.com · 2026-06-25 06:08 UTC

View all evidence

Overview

Score total

1.58

Momentum 24h

Posts

Origins

Source types

Duplicate ratio

17%

Why now

Cisco's SD-WAN zero-day is currently exploited in the wild, requiring urgent mitigation.
Fortinet and Check Point vulnerabilities have been recently observed under active attack.
Security agencies have issued advisories and added these flaws to known exploited vulnerability databases.

Why it matters

Active exploitation of zero-day vulnerabilities poses immediate risk to enterprise networks.
Prompt patching is critical to prevent privilege escalation and unauthorized access.
Widespread use of outdated protocols like IKEv1 increases attack surface for VPN products.

Continuity snapshot