THE CISA maintains a Known Exploited Vulnerabilities (KEV) Catalog, aimed at aiding cybersecurity professionals in managing vulnerabilities. The catalog lists vulnerabilities that are actively exploited, helping organizations prioritize their vulnerability management. One specific entry is the CVE-2026-20245, related to Cisco Catalyst SD-WAN Manager, which poses a risk of arbitrary command execution by authenticated local attackers.
Organizations are advised to implement vendor-mitigation instructions or discontinue using the product if necessary. The KEV catalog is available in various formats, including CSV and JSON, and users can subscribe for updates on new entries.