Three CVEs in Cisco Catalyst SD-WAN Manager — including two authentication bypasses and one privilege escalation — have escalated from disclosed to actively exploited at a confirmed telecom provider, with attackers achieving highest-privilege (root/admin) access on the management controller. The EPSS score of 0.099 places exploitation probability at the 95th percentile, and CVE-2026-20245 is listed in CISA KEV. Any organization running Cisco Catalyst SD-WAN Manager should treat this as an emergency patch priority.