Cisco SD-WAN Zero-Day Exploited Months Before Patching

securityweek.com | 2026-06-25 | AI supply chain | Critical

What Happened

CVE-2026-20245, the 7th Cisco SD-WAN vulnerability exploited in 2026, was used for months prior to its disclosure and patching.

Why It Matters

The article reports that CVE-2026-20245, a zero-day in the CLI of Cisco Catalyst SD-WAN Manager and related components, was exploited for months before public disclosure and patch availability, making it the seventh SD-WAN zero-day exploited in 2026.[1][4][6] The flaw allows an authenticated attacker with netadmin-level access to execute arbitrary commands as root via a crafted file, giving full control over the SD-WAN management plane.[1][2][6]

From a CyberSE.AI perspective, this illustrates a critical third-party infrastructure risk for any AI workloads, agents, or data flows that traverse or depend on SD-WAN fabric, and highlights the need to treat network controllers as key elements in the AI supply chain. Organizations should maintain SBOM-level visibility into SD-WAN and other control-plane components, integrate vendor zero-day monitoring into AI risk management, and include SD-WAN compromise scenarios in continuous AI red teaming to understand potential lateral movement paths into AI agents, models, and training data environments.

Healthcare, Fintech, SaaS, SMB, AI startups

CyberSE Analysis

This signal maps to AI supply chain. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.

Recommended Actions

  • Restrict AI agent tool permissions and production write paths.
  • Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
  • Add human approval workflows for high-impact or state-changing actions.
  • Run prompt injection and indirect prompt injection tests against affected workflows.
  • Document the owner, control gap, and remediation deadline for this risk class.

Source

https://www.securityweek.com/cisco-sd-wan-zero-day-exploited-months-before-patching/