{"uuid": "a8c1c23b-de36-479b-88fa-dd87a67cdaca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-20245", "type": "seen", "source": "https://threatintel.cc/2026/06/25/zeroday-exploitation-of-vulnerability-cve.html", "content": "Source URL: cloud.google.com/blog/topi\u2026\u2028Mandiant reported that a threat actor targeting SD-WAN infrastructure at a service provider used a compromised administrative account and then exploited CVE-2026-20245, a zero-day vulnerability in Cisco Catalyst SD-WAN Manager, to escalate privileges to root. The vulnerability stems from insufficient filtering of malicious data in the device\u2019s file-upload functionality, and the actor reportedly used anti-forensic techniques such as selectively deleting and restoring modified configuration files to reduce detection. The issue is particularly relevant for organizations that rely on SD-WAN control planes because compromise of management infrastructure can have broad downstream impact across connectivity, routing, segmentation and service-provider trust boundaries.", "creation_timestamp": "2026-06-26T01:00:41.961166Z"}