CISCO has reported a newly exploited SD-WAN product vulnerability, CVE-2026-20245, affecting the CLI of Cisco Catalyst SD-WAN Manager. This vulnerability allows authenticated local attackers to execute arbitrary commands as root through specially crafted files, stemming from inadequate validation of user input. Successful exploitation requires 'netadmin' privileges, potentially obtainable through compromised credentials or other SD-WAN vulnerabilities.
Cisco has not seen widespread exploitation but noted limited configuration changes due to the vulnerability. The indication of compromise details and patches will be released in a future update.