Cisco releases security updates to address a vulnerability in its Catalyst SD-WAN Manager (vManage) software, tracked as CVE-2026-20262. Multiple outlets report that the flaw is being exploited in active zero-day attacks. According to the reports, attackers use the vulnerability to escalate privileges on affected systems, including moving to root-level access. Cisco’s update is intended to remediate the issue and block the exploitation path used by attackers.
One outlet also notes that a second Catalyst SD-WAN Manager-related “make-me-root” issue is reportedly under attack within the same month, indicating that Cisco has faced recurring exploitation attempts against its SD-WAN management components. The coverage emphasizes that the company is issuing patches in response to real-world exploitation, rather than purely theoretical risk.
The reports do not provide additional technical details in the excerpts, but they consistently describe the same general impact: privilege escalation to root following exploitation of a vManage flaw. Organizations running vulnerable Catalyst SD-WAN Manager versions are expected to apply Cisco’s security updates promptly.
