
Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026

securityweek.com 2026-06-05 AI supply chain Critical

What Happened

The vulnerability is tracked as CVE-2026-20245 and can allow arbitrary command execution as root, but no patch is available yet.

Why It Matters

SecurityWeek reports a seventh Cisco Catalyst SD-WAN zero-day in 2026, CVE-2026-20245, which allows arbitrary command execution as root and currently has no vendor patch available.[9] This continues a pattern of critical SD-WAN control-plane vulnerabilities (e.g., CVE-2026-20127, CVE-2026-20182) impacting on‑prem and cloud SD-WAN controller/manager components that underpin many organizations’ network and application delivery stacks.[1][4][5] From a CyberSE.AI perspective, any AI agents or LLM-integrated services that rely on Cisco SD-WAN for secure connectivity, routing, or access segmentation inherit this infrastructure risk as an AI supply-chain issue, since compromise of the SD-WAN controller could allow attackers to pivot into AI backends, data stores, or orchestration layers. Practically, organizations should treat SD-WAN as a critical dependency in their AI bill of materials (AI SBOM), track and rapidly mitigate controller zero-days, and use continuous AI red teaming to test how SD-WAN compromise could be abused to reach or manipulate AI systems.

Healthcare Fintech SaaS SMB AI startups

CyberSE Analysis

This signal maps to AI supply chain. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.

Recommended Actions

  • Restrict AI agent tool permissions and production write paths.
  • Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
  • Add human approval workflows for high-impact or state-changing actions.
  • Run prompt injection and indirect prompt injection tests against affected workflows.
  • Document the owner, control gap, and remediation deadline for this risk class.

Source

https://www.securityweek.com/cisco-warns-of-7th-sd-wan-zero-day-exploited-in-2026/
