A Google report reveals that a severe vulnerability (CVE-2026-20245) in Cisco products was exploited months prior to its disclosure on June 4, 2026. This vulnerability, stemming from improper validation in the command-line interface of Cisco Catalyst SD-WAN Controller, allows local authenticated attackers to execute arbitrary commands as root. Reports indicate exploitation began as early as March 2026, with malicious activities linked to unauthorized access and peering connections by threat actors.
Google emphasizes a concerning trend in which attackers exploit vulnerabilities before they are known or patched, and highlights the need for improved security measures on network appliances to prevent such compromises.