Lead Story | Critical — Active Exploitation | Enterprise · IT Ops
Cisco’s SD-WAN Manager has an unpatched zero-day — CVE-2026-20245 lets attackers run commands as root, and Mandiant has seen it used
The flaw lets an attacker who already holds network-admin access on the management appliance escalate to full root by uploading a crafted file; Google Mandiant, which reported it, has documented it chained with two authentication-bypass bugs, and Cisco has seen exploitation push rogue configurations to edge routers.
CVE-2026-20245 sits in the command-line interface of Cisco Catalyst SD-WAN Manager, the central controller for Cisco’s software-defined WAN fabric. It carries a CVSS score of 7.8. On its own the bug requires netadmin privileges, but Mandiant reports attackers chaining it with CVE-2026-20182 (CVSS 10.0) and CVE-2026-20127, two authentication-bypass flaws, to reach that level without valid credentials, then uploading a crafted file to execute commands as root. Cisco confirms exploitation across on-premises, cloud-hosted, and FedRAMP government deployments. The Hacker News → Bleeping Computer →
Control of the SD-WAN Manager is control of the network: Cisco has already seen attackers push configuration changes to edge devices, which can reroute or intercept traffic across every connected site. There is no patch or workaround as of June 5. Cisco’s advisory lists detection guidance and indicators, and recommends restricting management-plane access to trusted administrators while a fix is prepared. Help Net Security →
→ Key Takeaway This is a confirmed, actively exploited zero-day in the controller that runs an entire SD-WAN fabric, and there is no patch yet. Attackers who reach the management plane can quietly rewrite the configuration of every edge router beneath it. Action: Ask your network team to apply Cisco’s May 14 fix for CVE-2026-20182 (which breaks the documented access chain), to restrict Cisco Catalyst SD-WAN Manager access to a small set of trusted administrators, and to watch for unexpected configuration changes pushed to edge devices.
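The last action above, watching for configuration changes that nobody approved, is the one that catches a compromised controller after the fact. The script below is an added example written for this issue, not Cisco or Mandiant code: it hashes each edge device's configuration against a stored baseline, skips devices that have an approved change record, and produces a unified diff for the rest. The device names, config text and the approved-change set are constructed for illustration; a real deployment would feed it config exports collected from the devices themselves rather than from the manager, since a manager under attacker control can report whatever the attacker wants.

```python
"""Flag edge-router configuration changes that have no approved change record.

Added example for this newsletter issue; not Cisco, Mandiant or SD-WAN Manager code.
Device names, config text and the approved-change list are constructed sample data.
"""
import difflib
import hashlib


def config_digest(config_text: str) -> str:
    """SHA-256 of the normalised config: trailing whitespace and blank lines dropped
    so cosmetic re-exports do not trigger alerts."""
    lines = [ln.rstrip() for ln in config_text.splitlines() if ln.strip()]
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()


def config_diff(old: str, new: str, name: str) -> list[str]:
    """Unified diff of two configs; only produced for devices whose digest changed."""
    return list(difflib.unified_diff(
        old.splitlines(), new.splitlines(),
        fromfile=f"{name}@baseline", tofile=f"{name}@now", lineterm=""))


def unexpected_changes(baseline: dict[str, str], current: dict[str, str],
                       approved: set[str]) -> dict[str, list[str]]:
    """Return {device: diff_lines} for every device whose config differs from the baseline
    and which has no approved change record. A device that appears in `current` but not in
    `baseline` is diffed against an empty config and therefore also reported."""
    findings: dict[str, list[str]] = {}
    for device, now_cfg in current.items():
        base_cfg = baseline.get(device, "")
        if config_digest(base_cfg) == config_digest(now_cfg):
            continue  # unchanged
        if device in approved:
            continue  # changed, but covered by an approved change ticket
        findings[device] = config_diff(base_cfg, now_cfg, device)
    return findings


# Constructed sample snapshots (illustrative syntax, not real Cisco output).
BASELINE = {
    "edge-tor-01": "hostname edge-tor-01\ninterface ge0/0\n ip address 192.0.2.1/30\n",
    "edge-cgy-02": "hostname edge-cgy-02\ninterface ge0/0\n ip address 192.0.2.5/30\n",
}
CURRENT = {
    # edge-tor-01 changed, but the change is covered by an approved ticket below
    "edge-tor-01": "hostname edge-tor-01\ninterface ge0/0\n ip address 192.0.2.1/30\n description uplink\n",
    # edge-cgy-02 gained a default route to an unknown next hop with no ticket: this is what we want to see
    "edge-cgy-02": "hostname edge-cgy-02\ninterface ge0/0\n ip address 192.0.2.5/30\nip route 0.0.0.0/0 203.0.113.9\n",
}
APPROVED = {"edge-tor-01"}  # devices with an open, approved change window


def main() -> None:
    for device, diff in unexpected_changes(BASELINE, CURRENT, APPROVED).items():
        print(f"UNEXPECTED CHANGE on {device}:")
        print("\n".join(diff))


if __name__ == "__main__":
    main()
```

Run it on a schedule against fresh exports and treat any hit as an incident until the change is explained; the digest comparison is cheap enough to run per device every few minutes, and the diff is what the responder needs to see the rogue route or policy.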
Quick Hits
01
A malicious npm package is stealing OpenAI Codex tokens on every run
Aikido Security found that codexui-android, an npm package with more than 29,000 weekly downloads, had spent roughly a month shipping developers’ Codex authentication tokens — access, refresh, and ID tokens — from ~/.codex/auth.json to a server dressed up as Sentry. Because OpenAI refresh tokens do not expire on their own, one stolen token lets an attacker keep impersonating the developer long after the fact. Ask your engineering team whether any build or developer machine has pulled codexui-android, and rotate Codex credentials if so. The Hacker News →
02
Qilin claims a Calgary oilfield-services firm
The Qilin ransomware group listed Trican Well Service, a Calgary-based oilfield-services company, on its leak site on June 4, claiming to have encrypted data and stolen files for double extortion. Energy operators remain a steady ransomware target, and a leak-site listing is often the first public sign a Canadian organization is heading into breach-notification and customer-disclosure decisions. Confirm your incident-response and breach-notification process is current before you need it. RedPacket Security →
CVE Watch
CVE-2026-44338 (PraisonAI): An AI-agent framework that shipped with authentication turned off
PraisonAI’s bundled legacy Flask API server ships with authentication disabled by default, so anyone who can reach an exposed instance can list its agents through the /agents route and trigger the configured workflow through /chat with no token. Sysdig observed a scanner probing the exact vulnerable endpoint within three hours and 44 minutes of the May 11 advisory — a marker of how quickly exposed AI tooling gets found. The flaw affects versions 2.5.6 through 4.6.33 and is fixed in 4.6.34; no confirmed compromise has been reported, but treat any internet-exposed instance as a priority. Action: confirm no PraisonAI instance is reachable from the internet and update to 4.6.34 or later. Sysdig → The Hacker News →
Product: PraisonAI · CVE: CVE-2026-44338 · CVSS: 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L — GitHub CNA; NIST NVD analysis pending) · Attack Vector: Network (unauthenticated) · Affected: PraisonAI 2.5.6 through 4.6.33 · Fix: 4.6.34 · Status: Public advisory May 11, 2026; rapid post-disclosure scanning, no confirmed compromise
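The two questions the action item asks, whether an instance is in the affected range and whether its API answers without a token, can both be scripted. The block below is an added example written for this issue, not PraisonAI or Sysdig code. The version bounds and the /agents route are taken from the advisory summary above; the decision rule (an HTTP 200 to a token-less GET /agents means authentication is off, a 401 or 403 means it is on) and the sample inputs are assumptions made here. It deliberately never touches /chat, since a request there would run the configured workflow.

```python
"""Check a PraisonAI deployment against CVE-2026-44338.

Added example for this newsletter issue; not PraisonAI or Sysdig code. Version bounds and the
/agents route come from the advisory summary; the verdict rule for HTTP status codes is an
assumption made for this example.
"""
import urllib.error
import urllib.request

AFFECTED_MIN = (2, 5, 6)   # first affected release per the advisory summary
FIXED = (4, 6, 34)         # first fixed release per the advisory summary


def parse_version(v: str) -> tuple[int, ...]:
    """'4.6.33' -> (4, 6, 33). Tolerates a leading 'v'; drops pre-release/build suffixes."""
    core = v.strip().lstrip("v").split("-")[0].split("+")[0]
    return tuple(int(p) for p in core.split("."))


def is_affected(version: str) -> bool:
    """True when 2.5.6 <= version < 4.6.34, the range given in the advisory summary."""
    return AFFECTED_MIN <= parse_version(version) < FIXED


def verdict(status: int) -> str:
    """Classify the response to an unauthenticated GET /agents (assumed rule, see lead-in)."""
    if status == 200:
        return "EXPOSED: /agents answered without a token; authentication is disabled"
    if status in (401, 403):
        return "OK: /agents rejected the request; authentication appears to be enabled"
    return f"UNKNOWN: HTTP {status} from /agents; inspect manually"


def probe(base_url: str, timeout: float = 5.0) -> str:
    """Send exactly one token-less GET to /agents and classify the result.

    This is a live network call: run it only against instances you are authorised to test,
    and do not extend it to /chat, which would execute the configured workflow."""
    req = urllib.request.Request(base_url.rstrip("/") + "/agents",
                                 headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return verdict(resp.status)
    except urllib.error.HTTPError as e:
        return verdict(e.code)


if __name__ == "__main__":
    import sys
    # usage: python check_praisonai.py <installed-version> [http://host:port]
    print("affected version" if is_affected(sys.argv[1]) else "not in affected range")
    if len(sys.argv) > 2:
        print(probe(sys.argv[2]))
```

Pair the version check with your package inventory (pip metadata or the container image manifest) and run the probe from outside the perimeter, not from a host that already sits on the management network; a 200 from the internet is the finding that matters.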
Compliance Tip of the Day
NIST CSF 2.0 — ID.AM-01 — Identify: Asset Management
Know every SD-WAN controller before you have to isolate one
NIST CSF 2.0 ID.AM-01 calls for ensuring that “Inventories of hardware managed by the organization are maintained”, and an unpatched, actively exploited zero-day like CVE-2026-20245 is only actionable if you already know which appliances run Cisco Catalyst SD-WAN Manager and where they sit. Without that inventory, the management consoles that most need restricted access and close monitoring this week are exactly the ones that quietly slip through. Action: Ask your team for an up-to-date inventory of every network-management appliance exposed to administrative access, and confirm Cisco Catalyst SD-WAN Manager instances are on it and access-restricted. NIST CSF 2.0 reference: csf.tools/id-am-01 →
On Our Radar
UEFI Secure Boot KEK certificate expiry — June 24, 2026 (16 days): Microsoft’s Corporation KEK CA 2011 expires June 24; the UEFI CA 2011 follows June 27; the Windows Production PCA 2011 expires October 2026. Organizations with dual-boot Linux configurations or air-gapped systems not receiving automatic firmware updates should confirm remediation plans now. Tracking since Issue #039. Microsoft Support →