Cisco SD-WAN Zero-Day Exploited Months Before Patching
Summary
A zero-day vulnerability in Cisco SD-WAN, identified as CVE-2026-20245, was actively exploited for months before Cisco released a patch. This marks the seventh such vulnerability in Cisco SD-WAN exploited this year.
IFF Assessment
The exploitation of a zero-day vulnerability in a widely used networking product represents a significant threat to organizations relying on that product.
Severity
The CVSS score is estimated to be high because SD-WAN devices are critical to network infrastructure, the potential impact is widespread, and the vulnerability was exploited as a zero-day before a patch was available.
CISA KEV: Listed as actively exploited. Federal patch due: June 23, 2026. Known ransomware use: Unknown.
Defender Context
Defenders should prioritize patching Cisco SD-WAN devices immediately, especially if they have not already deployed mitigations. This incident highlights the importance of robust network segmentation and continuous monitoring for anomalous activity, as zero-day exploits can bypass traditional signature-based defenses.