The improper encoding vulnerability in Cisco Catalyst SD-WAN Manager was already being actively exploited when Cisco disclosed it on June 6 without a patch. The KEV listing doesn't change that calculus, but it does start the federal compliance clock and signals CISA considers the risk severe enough to mandate action despite the remediation gap. Until a patch lands, the options are the workarounds Cisco outlined in the original advisory — restrict access to the management plane, isolate affected instances, and audit for signs of root-level command execution. The June 23 deadline applies to FCEB agencies, but if this is in your stack, treating it that way is reasonable given the exploitation activity already confirmed.