
Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available

thehackernews.com 2026-06-06 SaaS AI risk High

What Happened

Cisco has warned that a high-severity security flaw impacting Catalyst SD-WAN Manager has come under active exploitation. The vulnerability, tracked as CVE-2026-20245, carries a CVSS score of 7.8 out of a maximum of 10.0. It affects the following deployment types:

  • On-Prem Deployment
  • Cisco SD-WAN Cloud-Pro
  • Cisco SD-WAN Cloud (Cisco Managed)
  • Cisco SD-WAN for Government (FedRAMP)

"A

Why It Matters

The article reports an actively exploited, unpatched zero-day (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager. Because of insufficient input validation in the CLI, an authenticated local attacker with netadmin privileges can upload a crafted file and execute arbitrary commands as root.[1][2][5] Cisco notes there are no workarounds. The flaw affects all SD-WAN deployment types (on-prem, Cloud-Pro, Cisco-managed cloud, and Government/FedRAMP), and exploitation has in some cases resulted in malicious configuration changes being pushed to edge devices.[1][2][5]

From a CyberSE.AI perspective, any AI-enabled or AI-orchestrated SaaS or network management stack that depends on this SD-WAN fabric inherits supply-chain and control-plane risk: a compromised SD-WAN Manager can sabotage traffic to or from AI services, exfiltrate model and data flows, or be used as a stable foothold for lateral movement into AI infrastructure. Organizations should treat SD-WAN controllers as high-value components in their AI architecture and prioritize hardening, access minimization, continuous compromise assessment, and red teaming of management planes that underpin AI workloads.

Healthcare Fintech SaaS SMB AI startups

CyberSE Analysis

This signal maps to SaaS AI risk. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.

Recommended Actions

  • Restrict AI agent tool permissions and production write paths.
  • Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
  • Add human approval workflows for high-impact or state-changing actions.
  • Run prompt injection and indirect prompt injection tests against affected workflows.
  • Document the owner, control gap, and remediation deadline for this risk class.

Source

https://thehackernews.com/2026/06/cisco-catalyst-sd-wan-manager-cve-2026.html
