Cisco disclosed active exploitation of CVE-2026-20245, a high-severity flaw in Catalyst SD-WAN Manager affecting multiple deployment models. The vulnerability carries a CVSS score of 7.8 and impacts on-premises installations, Cisco SD-WAN Cloud-Pro, Cisco SD-WAN Cloud (Cisco Managed), and Cisco SD-WAN for Government (FedRAMP).
No patch currently exists for this vulnerability. Cisco's warning indicates threat actors are already weaponizing the flaw in the wild, creating immediate risk for affected organizations.
SD-WAN Manager serves as a central control point for software-defined wide area networks, making it a high-value target. Compromise of this component could allow attackers to intercept, redirect, or manipulate network traffic across an organization's WAN infrastructure. The breadth of affected deployment types suggests the threat extends beyond enterprise networks to government systems operating under FedRAMP authorization.
Organizations running any affected Catalyst SD-WAN Manager version should prioritize containment measures immediately. This includes restricting network access to the management interface, increasing monitoring for suspicious administrative activity, and reviewing access logs for unauthorized changes to SD-WAN policies or routing configurations.
Cisco has not released detailed technical information about the vulnerability's mechanics, but active exploitation typically indicates the flaw involves authentication bypass, privilege escalation, or remote code execution. Organizations should contact Cisco support for guidance on interim mitigations while awaiting a patch.
The absence of available remediation places organizations in a difficult position. Risk mitigation strategies should focus on network segmentation, strong authentication controls for SD-WAN Manager access, and continuous monitoring for signs of compromise. Organizations should remain alert for Cisco's patch announcement and prioritize deployment as soon as it becomes available.
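As an added example (not from Cisco or the original article), the following Python script applies the access-restriction and log-review advice above to an audit log export: it flags successful actions from outside allowlisted management networks and configuration changes with no preceding login. The JSON field names, action names, networks and sample records are assumptions constructed for illustration, not the product's actual audit schema.

```python
import ipaddress
import json

# Assumed allowlist and action names; field names below are hypothetical, so
# map them to the audit export your deployment actually produces.
MGMT_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.0.2.16/28")]
CHANGE_ACTIONS = {"policy.update", "policy.activate", "route.update", "user.create"}

# Constructed sample records, one JSON object per line.
SAMPLE_LOG = """\
{"ts":"2026-01-10T02:11:04Z","user":"netops1","src":"10.20.0.15","action":"login","result":"success"}
{"ts":"2026-01-10T02:12:40Z","user":"netops1","src":"10.20.0.15","action":"policy.update","result":"success"}
{"ts":"2026-01-10T03:40:19Z","user":"admin","src":"203.0.113.77","action":"login","result":"success"}
{"ts":"2026-01-10T03:41:02Z","user":"admin","src":"203.0.113.77","action":"user.create","result":"success"}
{"ts":"2026-01-10T04:05:55Z","user":"svc-backup","src":"10.20.0.30","action":"route.update","result":"success"}
not-json garbage line
"""

def in_mgmt_net(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # unparseable source is treated as untrusted
    return any(ip in net for net in MGMT_NETS)

def triage(log_text):
    """Return (line_no, reason, record) findings for an audit log export."""
    findings, sessions = [], set()
    for n, line in enumerate(log_text.splitlines(), 1):
        try:
            rec = json.loads(line)
            if not isinstance(rec, dict):
                raise ValueError("not a JSON object")
        except ValueError:
            findings.append((n, "unparseable line", line))
            continue
        key = (rec.get("user"), rec.get("src"))
        ok = rec.get("result") == "success"
        if ok and not in_mgmt_net(rec.get("src")):
            findings.append((n, "success from outside management networks", rec))
        if rec.get("action") == "login" and ok:
            sessions.add(key)
        elif rec.get("action") in CHANGE_ACTIONS and ok and key not in sessions:
            # The session may predate this export; widen the window to confirm.
            findings.append((n, "change with no prior login in this log", rec))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding)
```

Findings are leads for review rather than verdicts: a change flagged for lacking a prior login may belong to a session that started before the exported window.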
