
Cisco Network Equipment Targeted by Multiple Zero-Day Exploits

Thursday, June 25, 2026 DrakX Intelligence · Analyzed & Published Thursday, June 25, 2026
Hackers have exploited two serious security vulnerabilities in Cisco's networking equipment, including a flaw in SD-WAN that gave attackers complete control of systems. Cisco delayed releasing fixes for months while the vulnerabilities were actively being used in real attacks.

Multiple critical security holes have been discovered in Cisco equipment that hackers are actively exploiting to gain total control of company networks. Two vulnerabilities stand out as particularly dangerous: one in Cisco's SD-WAN software and another in Cisco Unified Communications Manager.

The SD-WAN vulnerability, labeled CVE-2026-20245, is a zero-day flaw that allows attackers to gain root access to affected systems. Root access means hackers can do anything they want with the device, including stealing data, installing malware, or disrupting network operations. Security researchers at Mandiant discovered how attackers were using this vulnerability to penetrate networks before Cisco even released a patch to fix the problem.

What makes this situation worse is timing. According to security reports, hackers exploited the SD-WAN vulnerability for months before Cisco finally released patches. During that window, companies had no way to protect themselves through software updates. This gave attackers an extended opportunity to break into systems before the problem could be fixed.

The second vulnerability, CVE-2026-20230, affects Cisco Unified Communications Manager, software that handles company phone systems and communications. Security researchers discovered that this flaw allows attackers to write files to systems and eventually achieve root access. After researchers shared proof-of-concept code—essentially a demonstration of how to exploit the flaw—hackers began using this information in actual attacks.

These vulnerabilities highlight an important cybersecurity challenge. Zero-day flaws are security holes that the vendor does not yet know about, so no patch exists for them. When hackers discover these holes first, they gain a significant advantage. Even when researchers find vulnerabilities and inform companies, delays in releasing patches can leave millions of users at risk.

Cisco's SD-WAN software is used by many businesses to connect their offices and remote workers, making it an attractive target for attackers seeking broad network access. Similarly, Cisco Unified Communications Manager controls critical communication infrastructure at many organizations.

Security experts recommend that companies using affected Cisco equipment apply patches as soon as they become available. Organizations should also monitor their networks for suspicious activity that might indicate a breach occurred before patches were installed. For those unable to immediately update, network administrators can implement additional security measures to reduce the risk of exploitation.

These incidents underscore why cybersecurity professionals emphasize the importance of timely software updates and why companies invest heavily in monitoring for unusual network activity that might signal an attack in progress.

