Refine your search
3176 vulnerabilities found for by Cisco
CVE-2026-20136 (GCVE-0-2026-20136)
Vulnerability from cvelistv5
Published
2026-04-15 16:11
Modified
2026-04-16 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Summary
A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating system and elevate privileges to root.
This vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability by providing crafted input to a specific CLI command. A successful exploit could allow the attacker to elevate their privileges to root on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Identity Services Engine Software |
Version: 3.1.0 Version: 3.1.0 p1 Version: 3.1.0 p3 Version: 3.1.0 p2 Version: 3.2.0 Version: 3.1.0 p4 Version: 3.1.0 p5 Version: 3.2.0 p1 Version: 3.1.0 p6 Version: 3.2.0 p2 Version: 3.1.0 p7 Version: 3.3.0 Version: 3.2.0 p3 Version: 3.2.0 p4 Version: 3.1.0 p8 Version: 3.2.0 p5 Version: 3.2.0 p6 Version: 3.1.0 p9 Version: 3.3 Patch 2 Version: 3.3 Patch 1 Version: 3.3 Patch 3 Version: 3.4.0 Version: 3.2.0 p7 Version: 3.3 Patch 4 Version: 3.4 Patch 1 Version: 3.1.0 p10 Version: 3.3 Patch 5 Version: 3.3 Patch 6 Version: 3.4 Patch 2 Version: 3.3 Patch 7 Version: 3.4 Patch 3 Version: 3.5.0 Version: 3.4 Patch 4 Version: 3.3 Patch 8 Version: 3.2 Patch 8 Version: 3.5 Patch 1 Version: 3.3 Patch 9 Version: 3.2 Patch 9 Version: 3.4 Patch 5 Version: 3.5 Patch 2 Version: 3.3 Patch 10 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20136",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T03:55:30.918Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Identity Services Engine Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.1.0 p1"
},
{
"status": "affected",
"version": "3.1.0 p3"
},
{
"status": "affected",
"version": "3.1.0 p2"
},
{
"status": "affected",
"version": "3.2.0"
},
{
"status": "affected",
"version": "3.1.0 p4"
},
{
"status": "affected",
"version": "3.1.0 p5"
},
{
"status": "affected",
"version": "3.2.0 p1"
},
{
"status": "affected",
"version": "3.1.0 p6"
},
{
"status": "affected",
"version": "3.2.0 p2"
},
{
"status": "affected",
"version": "3.1.0 p7"
},
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.2.0 p3"
},
{
"status": "affected",
"version": "3.2.0 p4"
},
{
"status": "affected",
"version": "3.1.0 p8"
},
{
"status": "affected",
"version": "3.2.0 p5"
},
{
"status": "affected",
"version": "3.2.0 p6"
},
{
"status": "affected",
"version": "3.1.0 p9"
},
{
"status": "affected",
"version": "3.3 Patch 2"
},
{
"status": "affected",
"version": "3.3 Patch 1"
},
{
"status": "affected",
"version": "3.3 Patch 3"
},
{
"status": "affected",
"version": "3.4.0"
},
{
"status": "affected",
"version": "3.2.0 p7"
},
{
"status": "affected",
"version": "3.3 Patch 4"
},
{
"status": "affected",
"version": "3.4 Patch 1"
},
{
"status": "affected",
"version": "3.1.0 p10"
},
{
"status": "affected",
"version": "3.3 Patch 5"
},
{
"status": "affected",
"version": "3.3 Patch 6"
},
{
"status": "affected",
"version": "3.4 Patch 2"
},
{
"status": "affected",
"version": "3.3 Patch 7"
},
{
"status": "affected",
"version": "3.4 Patch 3"
},
{
"status": "affected",
"version": "3.5.0"
},
{
"status": "affected",
"version": "3.4 Patch 4"
},
{
"status": "affected",
"version": "3.3 Patch 8"
},
{
"status": "affected",
"version": "3.2 Patch 8"
},
{
"status": "affected",
"version": "3.5 Patch 1"
},
{
"status": "affected",
"version": "3.3 Patch 9"
},
{
"status": "affected",
"version": "3.2 Patch 9"
},
{
"status": "affected",
"version": "3.4 Patch 5"
},
{
"status": "affected",
"version": "3.5 Patch 2"
},
{
"status": "affected",
"version": "3.3 Patch 10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the\u0026nbsp;CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating system and elevate privileges to root.\r\n\r\nThis vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability by providing crafted input to a specific CLI command. A successful exploit could allow the attacker to elevate their privileges to root on the underlying operating system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "Improper Encoding or Escaping of Output",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T16:11:29.398Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ise-cmd-inj-5WSJcYJB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-cmd-inj-5WSJcYJB"
}
],
"source": {
"advisory": "cisco-sa-ise-cmd-inj-5WSJcYJB",
"defects": [
"CSCwp98770"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20136",
"datePublished": "2026-04-15T16:11:29.398Z",
"dateReserved": "2025-10-08T11:59:15.381Z",
"dateUpdated": "2026-04-16T03:55:30.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20059 (GCVE-0-2026-20059)
Vulnerability from cvelistv5
Published
2026-04-15 16:11
Modified
2026-04-15 16:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface.
This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Unity Connection |
Version: 14 Version: 14SU1 Version: 14SU2 Version: 14SU3 Version: 14SU3a Version: 15 Version: 15SU1 Version: 14SU4 Version: 15SU2 Version: 15SU3 Version: 14SU5 Version: 15SU4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20059",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T16:41:31.162559Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T16:56:33.949Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unity Connection",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "14SU3"
},
{
"status": "affected",
"version": "14SU3a"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "15SU1"
},
{
"status": "affected",
"version": "14SU4"
},
{
"status": "affected",
"version": "15SU2"
},
{
"status": "affected",
"version": "15SU3"
},
{
"status": "affected",
"version": "14SU5"
},
{
"status": "affected",
"version": "15SU4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T16:11:22.828Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-unity-vulns-n2EJSbbw",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-vulns-n2EJSbbw"
}
],
"source": {
"advisory": "cisco-sa-unity-vulns-n2EJSbbw",
"defects": [
"CSCwq36822"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20059",
"datePublished": "2026-04-15T16:11:22.828Z",
"dateReserved": "2025-10-08T11:59:15.356Z",
"dateUpdated": "2026-04-15T16:56:33.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20061 (GCVE-0-2026-20061)
Vulnerability from cvelistv5
Published
2026-04-15 16:11
Modified
2026-04-15 16:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP(S) request to the web-based management interface of an affected device. A successful exploit could allow the attacker to view data on the affected device.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Unity Connection |
Version: 14 Version: 14SU1 Version: 14SU2 Version: 14SU3 Version: 14SU3a Version: 15 Version: 15SU1 Version: 14SU4 Version: 15SU2 Version: 15SU3 Version: 14SU5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20061",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T16:42:14.106646Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T16:56:34.089Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unity Connection",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "14SU3"
},
{
"status": "affected",
"version": "14SU3a"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "15SU1"
},
{
"status": "affected",
"version": "14SU4"
},
{
"status": "affected",
"version": "15SU2"
},
{
"status": "affected",
"version": "15SU3"
},
{
"status": "affected",
"version": "14SU5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP(S) request to the web-based management interface of an affected device. A successful exploit could allow the attacker to view data on the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T16:11:20.865Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-unity-vulns-n2EJSbbw",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-vulns-n2EJSbbw"
}
],
"source": {
"advisory": "cisco-sa-unity-vulns-n2EJSbbw",
"defects": [
"CSCwq36796"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Unity Connection SQL Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20061",
"datePublished": "2026-04-15T16:11:20.865Z",
"dateReserved": "2025-10-08T11:59:15.356Z",
"dateUpdated": "2026-04-15T16:56:34.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20060 (GCVE-0-2026-20060)
Vulnerability from cvelistv5
Published
2026-04-15 16:11
Modified
2026-04-15 16:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Summary
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.
This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious web page.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Unity Connection |
Version: 14 Version: 14SU1 Version: 14SU2 Version: 14SU3 Version: 14SU3a Version: 15 Version: 15SU1 Version: 14SU4 Version: 15SU2 Version: 15SU3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20060",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T16:42:33.155641Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T16:56:34.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unity Connection",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "14SU3"
},
{
"status": "affected",
"version": "14SU3a"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "15SU1"
},
{
"status": "affected",
"version": "14SU4"
},
{
"status": "affected",
"version": "15SU2"
},
{
"status": "affected",
"version": "15SU3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.\r\n\r\nThis vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious web page."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T16:11:20.842Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-unity-vulns-n2EJSbbw",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-vulns-n2EJSbbw"
}
],
"source": {
"advisory": "cisco-sa-unity-vulns-n2EJSbbw",
"defects": [
"CSCwq36828"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Unity Connection Open Redirect Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20060",
"datePublished": "2026-04-15T16:11:20.842Z",
"dateReserved": "2025-10-08T11:59:15.356Z",
"dateUpdated": "2026-04-15T16:56:34.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20170 (GCVE-0-2026-20170)
Vulnerability from cvelistv5
Published
2026-04-15 16:10
Modified
2026-04-15 16:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Summary
A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has addressed this vulnerability in the Cisco Webex Contact Center service, and no customer action is needed.
This vulnerability existed because HTML and script content was not properly handled. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to follow a malicious link. A successful exploit could have allowed the attacker to steal sensitive information from the browser, including authentication and session information.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Webex Contact Center |
Version: N/A |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20170",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T16:42:50.336172Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T16:56:34.563Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Webex Contact Center",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has addressed this vulnerability in the Cisco Webex Contact Center service, and no customer action is needed.\r\n\r This vulnerability existed because HTML and script content was not properly handled. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to follow a malicious link. A successful exploit could have allowed the attacker to steal sensitive information from the browser, including authentication and session information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T16:10:03.920Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-webexcc-xss-WEX5nUnA",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webexcc-xss-WEX5nUnA"
}
],
"source": {
"advisory": "cisco-sa-webexcc-xss-WEX5nUnA",
"defects": [
"CSCwt50296"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20170",
"datePublished": "2026-04-15T16:10:03.920Z",
"dateReserved": "2025-10-08T11:59:15.391Z",
"dateUpdated": "2026-04-15T16:56:34.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20184 (GCVE-0-2026-20184)
Vulnerability from cvelistv5
Published
2026-04-15 16:03
Modified
2026-04-16 19:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-295 - Improper Certificate Validation
Summary
A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service.
This vulnerability existed because of improper certificate validation. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token. A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Webex Meetings |
Version: 39.7.7 Version: 39.9 Version: 40.4.10 Version: 39.6 Version: 40.6.2 Version: 39.8.2 Version: 39.8.4 Version: 40.1 Version: 39.11 Version: 39.7.4 Version: 39.9.1 Version: 40.4 Version: 40.6 Version: 39.7 Version: 39.8 Version: 39.8.3 Version: 40.2 Version: 39.10 Version: 42.6 Version: 42.7 Version: 42.8 Version: 42.9 Version: 42.10 Version: 42.11 Version: 42.12 Version: 43.1 Version: 43.2 Version: 43.3 Version: 43.4 Version: 43.4.1 Version: 43.4.2 Version: 43.5.0 Version: 43.6.0 Version: 43.6.1 Version: 43.7 Version: 43.8 Version: 43.9 Version: 43.10 Version: 43.11 Version: 43.12 Version: 44.1 Version: 44.2 Version: 44.3 Version: 44.4 Version: 44.5 Version: 44.6 Version: 44.7 Version: 44.8 Version: 44.9 Version: 44.10 Version: 44.11 Version: 44.12 Version: 45.1 Version: 45.2 Version: 45.3 Version: 45.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20184",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T03:55:32.095Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Webex Meetings",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "39.7.7"
},
{
"status": "affected",
"version": "39.9"
},
{
"status": "affected",
"version": "40.4.10"
},
{
"status": "affected",
"version": "39.6"
},
{
"status": "affected",
"version": "40.6.2"
},
{
"status": "affected",
"version": "39.8.2"
},
{
"status": "affected",
"version": "39.8.4"
},
{
"status": "affected",
"version": "40.1"
},
{
"status": "affected",
"version": "39.11"
},
{
"status": "affected",
"version": "39.7.4"
},
{
"status": "affected",
"version": "39.9.1"
},
{
"status": "affected",
"version": "40.4"
},
{
"status": "affected",
"version": "40.6"
},
{
"status": "affected",
"version": "39.7"
},
{
"status": "affected",
"version": "39.8"
},
{
"status": "affected",
"version": "39.8.3"
},
{
"status": "affected",
"version": "40.2"
},
{
"status": "affected",
"version": "39.10"
},
{
"status": "affected",
"version": "42.6"
},
{
"status": "affected",
"version": "42.7"
},
{
"status": "affected",
"version": "42.8"
},
{
"status": "affected",
"version": "42.9"
},
{
"status": "affected",
"version": "42.10"
},
{
"status": "affected",
"version": "42.11"
},
{
"status": "affected",
"version": "42.12"
},
{
"status": "affected",
"version": "43.1"
},
{
"status": "affected",
"version": "43.2"
},
{
"status": "affected",
"version": "43.3"
},
{
"status": "affected",
"version": "43.4"
},
{
"status": "affected",
"version": "43.4.1"
},
{
"status": "affected",
"version": "43.4.2"
},
{
"status": "affected",
"version": "43.5.0"
},
{
"status": "affected",
"version": "43.6.0"
},
{
"status": "affected",
"version": "43.6.1"
},
{
"status": "affected",
"version": "43.7"
},
{
"status": "affected",
"version": "43.8"
},
{
"status": "affected",
"version": "43.9"
},
{
"status": "affected",
"version": "43.10"
},
{
"status": "affected",
"version": "43.11"
},
{
"status": "affected",
"version": "43.12"
},
{
"status": "affected",
"version": "44.1"
},
{
"status": "affected",
"version": "44.2"
},
{
"status": "affected",
"version": "44.3"
},
{
"status": "affected",
"version": "44.4"
},
{
"status": "affected",
"version": "44.5"
},
{
"status": "affected",
"version": "44.6"
},
{
"status": "affected",
"version": "44.7"
},
{
"status": "affected",
"version": "44.8"
},
{
"status": "affected",
"version": "44.9"
},
{
"status": "affected",
"version": "44.10"
},
{
"status": "affected",
"version": "44.11"
},
{
"status": "affected",
"version": "44.12"
},
{
"status": "affected",
"version": "45.1"
},
{
"status": "affected",
"version": "45.2"
},
{
"status": "affected",
"version": "45.3"
},
{
"status": "affected",
"version": "45.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service.\r\n\r\nThis vulnerability existed because of improper certificate validation. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token. A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "Improper Certificate Validation",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T19:07:14.461Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-webex-cui-cert-8jSZYhWL",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL"
}
],
"source": {
"advisory": "cisco-sa-webex-cui-cert-8jSZYhWL",
"defects": [
"CSCwt37111"
],
"discovery": "INTERNAL"
},
"title": "Cisco Webex Meetings Certificate Validation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20184",
"datePublished": "2026-04-15T16:03:59.646Z",
"dateReserved": "2025-10-08T11:59:15.394Z",
"dateUpdated": "2026-04-16T19:07:14.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20180 (GCVE-0-2026-20180)
Vulnerability from cvelistv5
Published
2026-04-15 16:03
Modified
2026-04-16 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Identity Services Engine Software |
Version: 3.1.0 Version: 3.1.0 p1 Version: 3.1.0 p3 Version: 3.1.0 p2 Version: 3.2.0 Version: 3.1.0 p4 Version: 3.1.0 p5 Version: 3.2.0 p1 Version: 3.1.0 p6 Version: 3.2.0 p2 Version: 3.1.0 p7 Version: 3.3.0 Version: 3.2.0 p3 Version: 3.2.0 p4 Version: 3.1.0 p8 Version: 3.2.0 p5 Version: 3.2.0 p6 Version: 3.1.0 p9 Version: 3.3 Patch 2 Version: 3.3 Patch 1 Version: 3.3 Patch 3 Version: 3.4.0 Version: 3.2.0 p7 Version: 3.3 Patch 4 Version: 3.4 Patch 1 Version: 3.1.0 p10 Version: 3.3 Patch 5 Version: 3.3 Patch 6 Version: 3.4 Patch 2 Version: 3.3 Patch 7 Version: 3.4 Patch 3 Version: 3.5.0 Version: 3.2 Patch 8 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20180",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T03:55:33.630Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Identity Services Engine Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.1.0 p1"
},
{
"status": "affected",
"version": "3.1.0 p3"
},
{
"status": "affected",
"version": "3.1.0 p2"
},
{
"status": "affected",
"version": "3.2.0"
},
{
"status": "affected",
"version": "3.1.0 p4"
},
{
"status": "affected",
"version": "3.1.0 p5"
},
{
"status": "affected",
"version": "3.2.0 p1"
},
{
"status": "affected",
"version": "3.1.0 p6"
},
{
"status": "affected",
"version": "3.2.0 p2"
},
{
"status": "affected",
"version": "3.1.0 p7"
},
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.2.0 p3"
},
{
"status": "affected",
"version": "3.2.0 p4"
},
{
"status": "affected",
"version": "3.1.0 p8"
},
{
"status": "affected",
"version": "3.2.0 p5"
},
{
"status": "affected",
"version": "3.2.0 p6"
},
{
"status": "affected",
"version": "3.1.0 p9"
},
{
"status": "affected",
"version": "3.3 Patch 2"
},
{
"status": "affected",
"version": "3.3 Patch 1"
},
{
"status": "affected",
"version": "3.3 Patch 3"
},
{
"status": "affected",
"version": "3.4.0"
},
{
"status": "affected",
"version": "3.2.0 p7"
},
{
"status": "affected",
"version": "3.3 Patch 4"
},
{
"status": "affected",
"version": "3.4 Patch 1"
},
{
"status": "affected",
"version": "3.1.0 p10"
},
{
"status": "affected",
"version": "3.3 Patch 5"
},
{
"status": "affected",
"version": "3.3 Patch 6"
},
{
"status": "affected",
"version": "3.4 Patch 2"
},
{
"status": "affected",
"version": "3.3 Patch 7"
},
{
"status": "affected",
"version": "3.4 Patch 3"
},
{
"status": "affected",
"version": "3.5.0"
},
{
"status": "affected",
"version": "3.2 Patch 8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to\u0026nbsp;root. In single-node ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T16:03:51.335Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ise-rce-4fverepv",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv"
}
],
"source": {
"advisory": "cisco-sa-ise-rce-4fverepv",
"defects": [
"CSCwq22993"
],
"discovery": "INTERNAL"
},
"title": "Cisco Identity Services Engine Multiple Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20180",
"datePublished": "2026-04-15T16:03:51.335Z",
"dateReserved": "2025-10-08T11:59:15.393Z",
"dateUpdated": "2026-04-16T03:55:33.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20152 (GCVE-0-2026-20152)
Vulnerability from cvelistv5
Published
2026-04-15 16:03
Modified
2026-04-16 19:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Summary
A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements.
This vulnerability is due to improper validation of user-supplied authentication input in HTTP requests. An attacker could exploit this vulnerability by sending HTTP requests that contain specific authentication requests to an affected device. A successful exploit could allow the attacker to bypass policy enforcement on the device. There is no direct impact to the Cisco Secure Web Appliance. However, as a result of exploiting this vulnerability, an attacker could send HTTP requests that should be restricted through the device.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Secure Web Appliance |
Version: 11.8.0-453 Version: 12.5.3-002 Version: 12.0.3-007 Version: 12.0.3-005 Version: 14.1.0-032 Version: 14.1.0-047 Version: 14.1.0-041 Version: 12.0.4-002 Version: 14.0.2-012 Version: 11.8.0-414 Version: 12.0.1-268 Version: 11.8.1-023 Version: 11.8.3-021 Version: 11.8.3-018 Version: 12.5.1-011 Version: 11.8.4-004 Version: 12.5.2-007 Version: 12.5.2-011 Version: 14.5.0-498 Version: 12.5.4-005 Version: 12.5.4-011 Version: 12.0.5-011 Version: 14.0.3-014 Version: 12.5.5-004 Version: 12.5.5-005 Version: 12.5.5-008 Version: 14.0.4-005 Version: 14.5.1-008 Version: 14.5.1-016 Version: 15.0.0-355 Version: 15.0.0-322 Version: 12.5.6-008 Version: 15.1.0-287 Version: 14.5.2-011 Version: 15.2.0-116 Version: 14.0.5-007 Version: 15.2.0-164 Version: 14.5.1-510 Version: 12.0.2-012 Version: 12.0.2-004 Version: 14.5.1-607 Version: 14.5.3-033 Version: 15.0.1-004 Version: 15.2.1-011 Version: 14.5.0-673 Version: 14.5.0-537 Version: 12.0.1-334 Version: 14.0.1-503 Version: 14.0.1-053 Version: 11.8.0-429 Version: 14.0.1-040 Version: 14.0.1-014 Version: 12.5.1-043 Version: 15.2.2-009 Version: 15.2.3-007 Version: 15.2.4-022 Version: 15.2.5-011 Version: 15.2.5-013 Version: 14.6.0-108 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20152",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T16:47:46.764093Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T16:56:35.035Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Secure Web Appliance",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.8.0-453"
},
{
"status": "affected",
"version": "12.5.3-002"
},
{
"status": "affected",
"version": "12.0.3-007"
},
{
"status": "affected",
"version": "12.0.3-005"
},
{
"status": "affected",
"version": "14.1.0-032"
},
{
"status": "affected",
"version": "14.1.0-047"
},
{
"status": "affected",
"version": "14.1.0-041"
},
{
"status": "affected",
"version": "12.0.4-002"
},
{
"status": "affected",
"version": "14.0.2-012"
},
{
"status": "affected",
"version": "11.8.0-414"
},
{
"status": "affected",
"version": "12.0.1-268"
},
{
"status": "affected",
"version": "11.8.1-023"
},
{
"status": "affected",
"version": "11.8.3-021"
},
{
"status": "affected",
"version": "11.8.3-018"
},
{
"status": "affected",
"version": "12.5.1-011"
},
{
"status": "affected",
"version": "11.8.4-004"
},
{
"status": "affected",
"version": "12.5.2-007"
},
{
"status": "affected",
"version": "12.5.2-011"
},
{
"status": "affected",
"version": "14.5.0-498"
},
{
"status": "affected",
"version": "12.5.4-005"
},
{
"status": "affected",
"version": "12.5.4-011"
},
{
"status": "affected",
"version": "12.0.5-011"
},
{
"status": "affected",
"version": "14.0.3-014"
},
{
"status": "affected",
"version": "12.5.5-004"
},
{
"status": "affected",
"version": "12.5.5-005"
},
{
"status": "affected",
"version": "12.5.5-008"
},
{
"status": "affected",
"version": "14.0.4-005"
},
{
"status": "affected",
"version": "14.5.1-008"
},
{
"status": "affected",
"version": "14.5.1-016"
},
{
"status": "affected",
"version": "15.0.0-355"
},
{
"status": "affected",
"version": "15.0.0-322"
},
{
"status": "affected",
"version": "12.5.6-008"
},
{
"status": "affected",
"version": "15.1.0-287"
},
{
"status": "affected",
"version": "14.5.2-011"
},
{
"status": "affected",
"version": "15.2.0-116"
},
{
"status": "affected",
"version": "14.0.5-007"
},
{
"status": "affected",
"version": "15.2.0-164"
},
{
"status": "affected",
"version": "14.5.1-510"
},
{
"status": "affected",
"version": "12.0.2-012"
},
{
"status": "affected",
"version": "12.0.2-004"
},
{
"status": "affected",
"version": "14.5.1-607"
},
{
"status": "affected",
"version": "14.5.3-033"
},
{
"status": "affected",
"version": "15.0.1-004"
},
{
"status": "affected",
"version": "15.2.1-011"
},
{
"status": "affected",
"version": "14.5.0-673"
},
{
"status": "affected",
"version": "14.5.0-537"
},
{
"status": "affected",
"version": "12.0.1-334"
},
{
"status": "affected",
"version": "14.0.1-503"
},
{
"status": "affected",
"version": "14.0.1-053"
},
{
"status": "affected",
"version": "11.8.0-429"
},
{
"status": "affected",
"version": "14.0.1-040"
},
{
"status": "affected",
"version": "14.0.1-014"
},
{
"status": "affected",
"version": "12.5.1-043"
},
{
"status": "affected",
"version": "15.2.2-009"
},
{
"status": "affected",
"version": "15.2.3-007"
},
{
"status": "affected",
"version": "15.2.4-022"
},
{
"status": "affected",
"version": "15.2.5-011"
},
{
"status": "affected",
"version": "15.2.5-013"
},
{
"status": "affected",
"version": "14.6.0-108"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements.\r\n\r\nThis vulnerability is due to improper validation of user-supplied authentication input in HTTP requests. An attacker could exploit this vulnerability by sending HTTP requests that contain specific authentication requests to an affected device. A successful exploit could allow the attacker to bypass policy enforcement on the device. There is no direct impact to the Cisco Secure Web Appliance. However, as a result of exploiting this vulnerability, an attacker could send HTTP requests that should be restricted through the device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T19:05:18.524Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-wsa-auth-bypass-6YZkTQhd",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-auth-bypass-6YZkTQhd"
}
],
"source": {
"advisory": "cisco-sa-wsa-auth-bypass-6YZkTQhd",
"defects": [
"CSCwr20696"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Secure Web Appliance Authentication Service Traffic Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20152",
"datePublished": "2026-04-15T16:03:43.828Z",
"dateReserved": "2025-10-08T11:59:15.386Z",
"dateUpdated": "2026-04-16T19:05:18.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20161 (GCVE-0-2026-20161)
Vulnerability from cvelistv5
Published
2026-04-15 16:03
Modified
2026-04-15 16:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Summary
A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected device.
This vulnerability is due to improper access controls on files that are on the local file system of an affected device. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system. A successful exploit could allow the attacker to bypass file system permissions and overwrite arbitrary files on the affected device.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco ThousandEyes Enterprise Agent |
Version: Agent 5.0 Version: Agent 4.4.4 Version: Agent 4.4.3 Version: Agent 4.4.2 Version: Agent 4.2 Version: Agent 4.1 Version: Agent 4.0 Version: Agent 5.1 Version: Agent 5.1.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20161",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T16:54:35.119090Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T16:56:35.191Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco ThousandEyes Enterprise Agent",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "Agent 5.0"
},
{
"status": "affected",
"version": "Agent 4.4.4"
},
{
"status": "affected",
"version": "Agent 4.4.3"
},
{
"status": "affected",
"version": "Agent 4.4.2"
},
{
"status": "affected",
"version": "Agent 4.2"
},
{
"status": "affected",
"version": "Agent 4.1"
},
{
"status": "affected",
"version": "Agent 4.0"
},
{
"status": "affected",
"version": "Agent 5.1"
},
{
"status": "affected",
"version": "Agent 5.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected device.\r\n\r\nThis vulnerability is due to improper access controls on files that are on the local file system\u0026nbsp;of an affected device. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system. A successful exploit could allow the attacker to bypass file system permissions and overwrite arbitrary files on the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T16:03:43.769Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-te-agentfilewrite-tqUw3SMU",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-agentfilewrite-tqUw3SMU"
}
],
"source": {
"advisory": "cisco-sa-te-agentfilewrite-tqUw3SMU",
"defects": [
"CSCwt14485"
],
"discovery": "INTERNAL"
},
"title": "Cisco ThousandEyes Enterprise Agent Arbitrary File Overwrite Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20161",
"datePublished": "2026-04-15T16:03:43.769Z",
"dateReserved": "2025-10-08T11:59:15.388Z",
"dateUpdated": "2026-04-15T16:56:35.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20186 (GCVE-0-2026-20186)
Vulnerability from cvelistv5
Published
2026-04-15 16:03
Modified
2026-04-16 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Summary
A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Identity Services Engine Software |
Version: 3.1.0 Version: 3.1.0 p1 Version: 3.1.0 p3 Version: 3.1.0 p2 Version: 3.2.0 Version: 3.1.0 p4 Version: 3.1.0 p5 Version: 3.2.0 p1 Version: 3.1.0 p6 Version: 3.2.0 p2 Version: 3.1.0 p7 Version: 3.3.0 Version: 3.2.0 p3 Version: 3.2.0 p4 Version: 3.1.0 p8 Version: 3.2.0 p5 Version: 3.2.0 p6 Version: 3.1.0 p9 Version: 3.3 Patch 2 Version: 3.3 Patch 1 Version: 3.3 Patch 3 Version: 3.4.0 Version: 3.2.0 p7 Version: 3.3 Patch 4 Version: 3.4 Patch 1 Version: 3.1.0 p10 Version: 3.3 Patch 5 Version: 3.3 Patch 6 Version: 3.4 Patch 2 Version: 3.3 Patch 7 Version: 3.4 Patch 3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20186",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T03:55:36.590Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Identity Services Engine Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.1.0 p1"
},
{
"status": "affected",
"version": "3.1.0 p3"
},
{
"status": "affected",
"version": "3.1.0 p2"
},
{
"status": "affected",
"version": "3.2.0"
},
{
"status": "affected",
"version": "3.1.0 p4"
},
{
"status": "affected",
"version": "3.1.0 p5"
},
{
"status": "affected",
"version": "3.2.0 p1"
},
{
"status": "affected",
"version": "3.1.0 p6"
},
{
"status": "affected",
"version": "3.2.0 p2"
},
{
"status": "affected",
"version": "3.1.0 p7"
},
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.2.0 p3"
},
{
"status": "affected",
"version": "3.2.0 p4"
},
{
"status": "affected",
"version": "3.1.0 p8"
},
{
"status": "affected",
"version": "3.2.0 p5"
},
{
"status": "affected",
"version": "3.2.0 p6"
},
{
"status": "affected",
"version": "3.1.0 p9"
},
{
"status": "affected",
"version": "3.3 Patch 2"
},
{
"status": "affected",
"version": "3.3 Patch 1"
},
{
"status": "affected",
"version": "3.3 Patch 3"
},
{
"status": "affected",
"version": "3.4.0"
},
{
"status": "affected",
"version": "3.2.0 p7"
},
{
"status": "affected",
"version": "3.3 Patch 4"
},
{
"status": "affected",
"version": "3.4 Patch 1"
},
{
"status": "affected",
"version": "3.1.0 p10"
},
{
"status": "affected",
"version": "3.3 Patch 5"
},
{
"status": "affected",
"version": "3.3 Patch 6"
},
{
"status": "affected",
"version": "3.4 Patch 2"
},
{
"status": "affected",
"version": "3.3 Patch 7"
},
{
"status": "affected",
"version": "3.4 Patch 3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to\u0026nbsp;root. In single-node ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T16:03:35.310Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ise-rce-4fverepv",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv"
}
],
"source": {
"advisory": "cisco-sa-ise-rce-4fverepv",
"defects": [
"CSCwq21242"
],
"discovery": "INTERNAL"
},
"title": "Cisco Identity Services Engine Multiple Authenticated Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20186",
"datePublished": "2026-04-15T16:03:35.310Z",
"dateReserved": "2025-10-08T11:59:15.394Z",
"dateUpdated": "2026-04-16T03:55:36.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20148 (GCVE-0-2026-20148)
Vulnerability from cvelistv5
Published
2026-04-15 16:03
Modified
2026-04-15 16:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system and read arbitrary files. To exploit this vulnerability, the attacker must have valid administrative credentials.
This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco Identity Services Engine Software |
Version: 3.1.0 Version: 3.1.0 p1 Version: 3.1.0 p3 Version: 3.1.0 p2 Version: 3.2.0 Version: 3.1.0 p4 Version: 3.1.0 p5 Version: 3.2.0 p1 Version: 3.1.0 p6 Version: 3.2.0 p2 Version: 3.1.0 p7 Version: 3.3.0 Version: 3.2.0 p3 Version: 3.2.0 p4 Version: 3.1.0 p8 Version: 3.2.0 p5 Version: 3.2.0 p6 Version: 3.1.0 p9 Version: 3.3 Patch 2 Version: 3.3 Patch 1 Version: 3.3 Patch 3 Version: 3.4.0 Version: 3.2.0 p7 Version: 3.3 Patch 4 Version: 3.4 Patch 1 Version: 3.1.0 p10 Version: 3.3 Patch 5 Version: 3.3 Patch 6 Version: 3.4 Patch 2 Version: 3.3 Patch 7 Version: 3.4 Patch 3 Version: 3.5.0 Version: 3.4 Patch 4 Version: 3.3 Patch 8 Version: 3.2 Patch 8 Version: 3.5 Patch 1 Version: 3.3 Patch 9 Version: 3.2 Patch 9 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20148",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T16:50:58.114801Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T16:56:35.471Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Identity Services Engine Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.1.0 p1"
},
{
"status": "affected",
"version": "3.1.0 p3"
},
{
"status": "affected",
"version": "3.1.0 p2"
},
{
"status": "affected",
"version": "3.2.0"
},
{
"status": "affected",
"version": "3.1.0 p4"
},
{
"status": "affected",
"version": "3.1.0 p5"
},
{
"status": "affected",
"version": "3.2.0 p1"
},
{
"status": "affected",
"version": "3.1.0 p6"
},
{
"status": "affected",
"version": "3.2.0 p2"
},
{
"status": "affected",
"version": "3.1.0 p7"
},
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.2.0 p3"
},
{
"status": "affected",
"version": "3.2.0 p4"
},
{
"status": "affected",
"version": "3.1.0 p8"
},
{
"status": "affected",
"version": "3.2.0 p5"
},
{
"status": "affected",
"version": "3.2.0 p6"
},
{
"status": "affected",
"version": "3.1.0 p9"
},
{
"status": "affected",
"version": "3.3 Patch 2"
},
{
"status": "affected",
"version": "3.3 Patch 1"
},
{
"status": "affected",
"version": "3.3 Patch 3"
},
{
"status": "affected",
"version": "3.4.0"
},
{
"status": "affected",
"version": "3.2.0 p7"
},
{
"status": "affected",
"version": "3.3 Patch 4"
},
{
"status": "affected",
"version": "3.4 Patch 1"
},
{
"status": "affected",
"version": "3.1.0 p10"
},
{
"status": "affected",
"version": "3.3 Patch 5"
},
{
"status": "affected",
"version": "3.3 Patch 6"
},
{
"status": "affected",
"version": "3.4 Patch 2"
},
{
"status": "affected",
"version": "3.3 Patch 7"
},
{
"status": "affected",
"version": "3.4 Patch 3"
},
{
"status": "affected",
"version": "3.5.0"
},
{
"status": "affected",
"version": "3.4 Patch 4"
},
{
"status": "affected",
"version": "3.3 Patch 8"
},
{
"status": "affected",
"version": "3.2 Patch 8"
},
{
"status": "affected",
"version": "3.5 Patch 1"
},
{
"status": "affected",
"version": "3.3 Patch 9"
},
{
"status": "affected",
"version": "3.2 Patch 9"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco ISE Passive Identity Connector",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.0"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system and read arbitrary files. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T16:03:31.727Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ise-rce-traversal-8bYndVrZ",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ"
}
],
"source": {
"advisory": "cisco-sa-ise-rce-traversal-8bYndVrZ",
"defects": [
"CSCws52717"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Identity Services Engine Path Traversal Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20148",
"datePublished": "2026-04-15T16:03:31.727Z",
"dateReserved": "2025-10-08T11:59:15.385Z",
"dateUpdated": "2026-04-15T16:56:35.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20147 (GCVE-0-2026-20147)
Vulnerability from cvelistv5
Published
2026-04-15 16:03
Modified
2026-04-16 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Summary
A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco Identity Services Engine Software |
Version: 3.1.0 Version: 3.1.0 p1 Version: 3.1.0 p3 Version: 3.1.0 p2 Version: 3.2.0 Version: 3.1.0 p4 Version: 3.1.0 p5 Version: 3.2.0 p1 Version: 3.1.0 p6 Version: 3.2.0 p2 Version: 3.1.0 p7 Version: 3.3.0 Version: 3.2.0 p3 Version: 3.2.0 p4 Version: 3.1.0 p8 Version: 3.2.0 p5 Version: 3.2.0 p6 Version: 3.1.0 p9 Version: 3.3 Patch 2 Version: 3.3 Patch 1 Version: 3.3 Patch 3 Version: 3.4.0 Version: 3.2.0 p7 Version: 3.3 Patch 4 Version: 3.4 Patch 1 Version: 3.1.0 p10 Version: 3.3 Patch 5 Version: 3.3 Patch 6 Version: 3.4 Patch 2 Version: 3.3 Patch 7 Version: 3.4 Patch 3 Version: 3.5.0 Version: 3.4 Patch 4 Version: 3.3 Patch 8 Version: 3.2 Patch 8 Version: 3.5 Patch 1 Version: 3.3 Patch 9 Version: 3.2 Patch 9 Version: 3.4 Patch 5 Version: 3.5 Patch 2 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20147",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T03:55:35.113Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Identity Services Engine Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.1.0 p1"
},
{
"status": "affected",
"version": "3.1.0 p3"
},
{
"status": "affected",
"version": "3.1.0 p2"
},
{
"status": "affected",
"version": "3.2.0"
},
{
"status": "affected",
"version": "3.1.0 p4"
},
{
"status": "affected",
"version": "3.1.0 p5"
},
{
"status": "affected",
"version": "3.2.0 p1"
},
{
"status": "affected",
"version": "3.1.0 p6"
},
{
"status": "affected",
"version": "3.2.0 p2"
},
{
"status": "affected",
"version": "3.1.0 p7"
},
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.2.0 p3"
},
{
"status": "affected",
"version": "3.2.0 p4"
},
{
"status": "affected",
"version": "3.1.0 p8"
},
{
"status": "affected",
"version": "3.2.0 p5"
},
{
"status": "affected",
"version": "3.2.0 p6"
},
{
"status": "affected",
"version": "3.1.0 p9"
},
{
"status": "affected",
"version": "3.3 Patch 2"
},
{
"status": "affected",
"version": "3.3 Patch 1"
},
{
"status": "affected",
"version": "3.3 Patch 3"
},
{
"status": "affected",
"version": "3.4.0"
},
{
"status": "affected",
"version": "3.2.0 p7"
},
{
"status": "affected",
"version": "3.3 Patch 4"
},
{
"status": "affected",
"version": "3.4 Patch 1"
},
{
"status": "affected",
"version": "3.1.0 p10"
},
{
"status": "affected",
"version": "3.3 Patch 5"
},
{
"status": "affected",
"version": "3.3 Patch 6"
},
{
"status": "affected",
"version": "3.4 Patch 2"
},
{
"status": "affected",
"version": "3.3 Patch 7"
},
{
"status": "affected",
"version": "3.4 Patch 3"
},
{
"status": "affected",
"version": "3.5.0"
},
{
"status": "affected",
"version": "3.4 Patch 4"
},
{
"status": "affected",
"version": "3.3 Patch 8"
},
{
"status": "affected",
"version": "3.2 Patch 8"
},
{
"status": "affected",
"version": "3.5 Patch 1"
},
{
"status": "affected",
"version": "3.3 Patch 9"
},
{
"status": "affected",
"version": "3.2 Patch 9"
},
{
"status": "affected",
"version": "3.4 Patch 5"
},
{
"status": "affected",
"version": "3.5 Patch 2"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco ISE Passive Identity Connector",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.0"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T16:03:25.648Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ise-rce-traversal-8bYndVrZ",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ"
}
],
"source": {
"advisory": "cisco-sa-ise-rce-traversal-8bYndVrZ",
"defects": [
"CSCws52738"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Identity Services Engine Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20147",
"datePublished": "2026-04-15T16:03:25.648Z",
"dateReserved": "2025-10-08T11:59:15.385Z",
"dateUpdated": "2026-04-16T03:55:35.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20081 (GCVE-0-2026-20081)
Vulnerability from cvelistv5
Published
2026-04-15 16:03
Modified
2026-04-15 17:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-23 - Relative Path Traversal
Summary
Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials.
These vulnerabilities are due to improper sanitization of user input to the web-based management interface. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request. A successful exploit could allow the attacker to download arbitrary files from an affected system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Unity Connection |
Version: 12.5(1) Version: 12.5(1)SU1 Version: 12.5(1)SU2 Version: 12.5(1)SU3 Version: 12.5(1)SU4 Version: 14 Version: 12.5(1)SU5 Version: 14SU1 Version: 12.5(1)SU6 Version: 14SU2 Version: 12.5(1)SU7 Version: 14SU3 Version: 12.5(1)SU8 Version: 14SU3a Version: 12.5(1)SU8a Version: 15 Version: 15SU1 Version: 14SU4 Version: 12.5(1)SU9 Version: 15SU2 Version: 15SU3 Version: 14SU5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20081",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T16:53:08.016233Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T17:06:37.914Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unity Connection",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "14SU3"
},
{
"status": "affected",
"version": "12.5(1)SU8"
},
{
"status": "affected",
"version": "14SU3a"
},
{
"status": "affected",
"version": "12.5(1)SU8a"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "15SU1"
},
{
"status": "affected",
"version": "14SU4"
},
{
"status": "affected",
"version": "12.5(1)SU9"
},
{
"status": "affected",
"version": "15SU2"
},
{
"status": "affected",
"version": "15SU3"
},
{
"status": "affected",
"version": "14SU5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker\u0026nbsp;to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials.\u0026nbsp;\r\n\r\nThese vulnerabilities are due to improper sanitization of user input to the web-based management interface. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request. A successful exploit could allow the attacker to download arbitrary files from an affected system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "Relative Path Traversal",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T16:03:23.282Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-unity-file-download-RmKEVWPx",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-file-download-RmKEVWPx"
}
],
"source": {
"advisory": "cisco-sa-unity-file-download-RmKEVWPx",
"defects": [
"CSCwr87730"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Unity Connection Arbitrary File Download Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20081",
"datePublished": "2026-04-15T16:03:23.282Z",
"dateReserved": "2025-10-08T11:59:15.363Z",
"dateUpdated": "2026-04-15T17:06:37.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20078 (GCVE-0-2026-20078)
Vulnerability from cvelistv5
Published
2026-04-15 16:03
Modified
2026-04-15 17:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-23 - Relative Path Traversal
Summary
Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials.
These vulnerabilities are due to improper sanitization of user input to the web-based management interface. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request. A successful exploit could allow the attacker to download arbitrary files from an affected system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Unity Connection |
Version: 12.5(1) Version: 12.5(1)SU1 Version: 12.5(1)SU2 Version: 12.5(1)SU3 Version: 12.5(1)SU4 Version: 14 Version: 12.5(1)SU5 Version: 14SU1 Version: 12.5(1)SU6 Version: 14SU2 Version: 12.5(1)SU7 Version: 14SU3 Version: 12.5(1)SU8 Version: 14SU3a Version: 12.5(1)SU8a Version: 15 Version: 15SU1 Version: 14SU4 Version: 12.5(1)SU9 Version: 15SU2 Version: 15SU3 Version: 14SU5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20078",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T16:53:33.414429Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T17:06:38.080Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unity Connection",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "14SU3"
},
{
"status": "affected",
"version": "12.5(1)SU8"
},
{
"status": "affected",
"version": "14SU3a"
},
{
"status": "affected",
"version": "12.5(1)SU8a"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "15SU1"
},
{
"status": "affected",
"version": "14SU4"
},
{
"status": "affected",
"version": "12.5(1)SU9"
},
{
"status": "affected",
"version": "15SU2"
},
{
"status": "affected",
"version": "15SU3"
},
{
"status": "affected",
"version": "14SU5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker\u0026nbsp;to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials.\u0026nbsp;\r\n\r\nThese vulnerabilities are due to improper sanitization of user input to the web-based management interface. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request. A successful exploit could allow the attacker to download arbitrary files from an affected system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "Relative Path Traversal",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T16:03:16.698Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-unity-file-download-RmKEVWPx",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-file-download-RmKEVWPx"
}
],
"source": {
"advisory": "cisco-sa-unity-file-download-RmKEVWPx",
"defects": [
"CSCwq36816"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Unity Connection Arbitrary File Download Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20078",
"datePublished": "2026-04-15T16:03:16.698Z",
"dateReserved": "2025-10-08T11:59:15.363Z",
"dateUpdated": "2026-04-15T17:06:38.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20132 (GCVE-0-2026-20132)
Vulnerability from cvelistv5
Published
2026-04-15 16:03
Modified
2026-04-15 17:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting (XSS) attack or a reflected XSS attack against a user of the web-based management interface of an affected device.
These vulnerabilities are due to insufficient sanitization of user-supplied data that is stored in the web page. An attacker could exploit these vulnerabilities by convincing a user of the interface to click a specific link or view an affected web page. The injected script code may be executed in the context of the web-based management interface or allow the attacker to access sensitive browser-based information.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Identity Services Engine Software |
Version: 3.1.0 Version: 3.1.0 p1 Version: 3.1.0 p3 Version: 3.1.0 p2 Version: 3.2.0 Version: 3.1.0 p4 Version: 3.1.0 p5 Version: 3.2.0 p1 Version: 3.1.0 p6 Version: 3.2.0 p2 Version: 3.1.0 p7 Version: 3.3.0 Version: 3.2.0 p3 Version: 3.2.0 p4 Version: 3.1.0 p8 Version: 3.2.0 p5 Version: 3.2.0 p6 Version: 3.1.0 p9 Version: 3.3 Patch 2 Version: 3.3 Patch 1 Version: 3.3 Patch 3 Version: 3.4.0 Version: 3.2.0 p7 Version: 3.3 Patch 4 Version: 3.4 Patch 1 Version: 3.1.0 p10 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20132",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T16:53:55.291064Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T17:06:38.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Identity Services Engine Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.1.0 p1"
},
{
"status": "affected",
"version": "3.1.0 p3"
},
{
"status": "affected",
"version": "3.1.0 p2"
},
{
"status": "affected",
"version": "3.2.0"
},
{
"status": "affected",
"version": "3.1.0 p4"
},
{
"status": "affected",
"version": "3.1.0 p5"
},
{
"status": "affected",
"version": "3.2.0 p1"
},
{
"status": "affected",
"version": "3.1.0 p6"
},
{
"status": "affected",
"version": "3.2.0 p2"
},
{
"status": "affected",
"version": "3.1.0 p7"
},
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.2.0 p3"
},
{
"status": "affected",
"version": "3.2.0 p4"
},
{
"status": "affected",
"version": "3.1.0 p8"
},
{
"status": "affected",
"version": "3.2.0 p5"
},
{
"status": "affected",
"version": "3.2.0 p6"
},
{
"status": "affected",
"version": "3.1.0 p9"
},
{
"status": "affected",
"version": "3.3 Patch 2"
},
{
"status": "affected",
"version": "3.3 Patch 1"
},
{
"status": "affected",
"version": "3.3 Patch 3"
},
{
"status": "affected",
"version": "3.4.0"
},
{
"status": "affected",
"version": "3.2.0 p7"
},
{
"status": "affected",
"version": "3.3 Patch 4"
},
{
"status": "affected",
"version": "3.4 Patch 1"
},
{
"status": "affected",
"version": "3.1.0 p10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative\u0026nbsp;write privileges to conduct a stored cross-site scripting (XSS) attack or a reflected XSS attack against a user of the web-based management interface of an affected device.\r\n\r\nThese vulnerabilities are due to insufficient sanitization of user-supplied data that is stored in the web page. An attacker could exploit these vulnerabilities by convincing a user of the interface to click a specific link or view an affected web page. The injected script code may be executed in the context of the web-based management interface or allow the attacker to access sensitive browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T16:03:14.842Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-isexss-BS8ctE7U",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isexss-BS8ctE7U"
}
],
"source": {
"advisory": "cisco-sa-isexss-BS8ctE7U",
"defects": [
"CSCwn87479"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20132",
"datePublished": "2026-04-15T16:03:14.842Z",
"dateReserved": "2025-10-08T11:59:15.380Z",
"dateUpdated": "2026-04-15T17:06:38.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20090 (GCVE-0-2026-20090)
Vulnerability from cvelistv5
Published
2026-04-01 16:34
Modified
2026-04-01 17:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco Enterprise NFV Infrastructure Software |
Version: 4.1.1 Version: 3.9.1 Version: 3.5.2 Version: 3.12.2 Version: 3.6.2 Version: 3.9.2 Version: 3.11.3 Version: 3.11.1 Version: 3.5.1 Version: 3.3.1 Version: 3.10.2 Version: 3.12.1b Version: 3.4.1 Version: 3.12.1a Version: 3.6.3 Version: 3.8.1 Version: 3.11.2 Version: 3.12.1 Version: 3.12.3 Version: 3.10.1 Version: 3.6.1 Version: 3.10.3 Version: 3.7.1 Version: 4.1.2 Version: 4.2.1 Version: 4.2.2 Version: 4.4.1 Version: 4.4.2 Version: 4.5.1 Version: 4.4.3 Version: 4.6.1 Version: 4.7.1 Version: 4.6.2-FC2 Version: 4.6.2-FC3 Version: 4.6.2 Version: 4.8.1 Version: 4.8.2 Version: 4.9.1 Version: 4.6.3 Version: 4.9.2-FC5 Version: 4.9.2 Version: 4.10.1 Version: 4.9.3 Version: 4.11.1 Version: 4.9.4 Version: 4.12.1 Version: 4.6.4 Version: 4.12.2 Version: 4.13.1 Version: 4.9.4-ES8 Version: 4.9.5 Version: 4.12.3 Version: 4.6.5-ES1 Version: 4.9.4-ES9 Version: 4.14.1 Version: 4.6.3-FC4 Version: 4.9.4-FC3 Version: 4.12.4 Version: 4.15.1 Version: 4.9.6 Version: 4.16.1 Version: 4.15.2 Version: 4.12.5 Version: 4.15.3 Version: 4.15.4 Version: 4.18.1 Version: 4.12.6 Version: 4.18.2 Version: 4.18.2a |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20090",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T17:43:50.354293Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T17:44:31.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Enterprise NFV Infrastructure Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.1.1"
},
{
"status": "affected",
"version": "3.9.1"
},
{
"status": "affected",
"version": "3.5.2"
},
{
"status": "affected",
"version": "3.12.2"
},
{
"status": "affected",
"version": "3.6.2"
},
{
"status": "affected",
"version": "3.9.2"
},
{
"status": "affected",
"version": "3.11.3"
},
{
"status": "affected",
"version": "3.11.1"
},
{
"status": "affected",
"version": "3.5.1"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.10.2"
},
{
"status": "affected",
"version": "3.12.1b"
},
{
"status": "affected",
"version": "3.4.1"
},
{
"status": "affected",
"version": "3.12.1a"
},
{
"status": "affected",
"version": "3.6.3"
},
{
"status": "affected",
"version": "3.8.1"
},
{
"status": "affected",
"version": "3.11.2"
},
{
"status": "affected",
"version": "3.12.1"
},
{
"status": "affected",
"version": "3.12.3"
},
{
"status": "affected",
"version": "3.10.1"
},
{
"status": "affected",
"version": "3.6.1"
},
{
"status": "affected",
"version": "3.10.3"
},
{
"status": "affected",
"version": "3.7.1"
},
{
"status": "affected",
"version": "4.1.2"
},
{
"status": "affected",
"version": "4.2.1"
},
{
"status": "affected",
"version": "4.2.2"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.5.1"
},
{
"status": "affected",
"version": "4.4.3"
},
{
"status": "affected",
"version": "4.6.1"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "4.6.2-FC2"
},
{
"status": "affected",
"version": "4.6.2-FC3"
},
{
"status": "affected",
"version": "4.6.2"
},
{
"status": "affected",
"version": "4.8.1"
},
{
"status": "affected",
"version": "4.8.2"
},
{
"status": "affected",
"version": "4.9.1"
},
{
"status": "affected",
"version": "4.6.3"
},
{
"status": "affected",
"version": "4.9.2-FC5"
},
{
"status": "affected",
"version": "4.9.2"
},
{
"status": "affected",
"version": "4.10.1"
},
{
"status": "affected",
"version": "4.9.3"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "4.9.4"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "4.6.4"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "4.13.1"
},
{
"status": "affected",
"version": "4.9.4-ES8"
},
{
"status": "affected",
"version": "4.9.5"
},
{
"status": "affected",
"version": "4.12.3"
},
{
"status": "affected",
"version": "4.6.5-ES1"
},
{
"status": "affected",
"version": "4.9.4-ES9"
},
{
"status": "affected",
"version": "4.14.1"
},
{
"status": "affected",
"version": "4.6.3-FC4"
},
{
"status": "affected",
"version": "4.9.4-FC3"
},
{
"status": "affected",
"version": "4.12.4"
},
{
"status": "affected",
"version": "4.15.1"
},
{
"status": "affected",
"version": "4.9.6"
},
{
"status": "affected",
"version": "4.16.1"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.12.5"
},
{
"status": "affected",
"version": "4.15.3"
},
{
"status": "affected",
"version": "4.15.4"
},
{
"status": "affected",
"version": "4.18.1"
},
{
"status": "affected",
"version": "4.12.6"
},
{
"status": "affected",
"version": "4.18.2"
},
{
"status": "affected",
"version": "4.18.2a"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.0(4j)"
},
{
"status": "affected",
"version": "4.0(2m)"
},
{
"status": "affected",
"version": "4.0(2k)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3g)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240041)"
},
{
"status": "affected",
"version": "4.2(3k)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5.250001)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(5.250030)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(6.250039)"
},
{
"status": "affected",
"version": "4.3(6.250040)"
},
{
"status": "affected",
"version": "4.3(5.250033)"
},
{
"status": "affected",
"version": "4.3(6.250044)"
},
{
"status": "affected",
"version": "4.3(6.250053)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252001)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
},
{
"status": "affected",
"version": "6.0(1.250127)"
},
{
"status": "affected",
"version": "4.2(3p)"
},
{
"status": "affected",
"version": "6.0(1.250131)"
},
{
"status": "affected",
"version": "4.3(6.250101)"
},
{
"status": "affected",
"version": "6.0(1.250174)"
},
{
"status": "affected",
"version": "4.3(6.250117)"
},
{
"status": "affected",
"version": "4.3(5.250043)"
},
{
"status": "affected",
"version": "4.3(5.250045)"
},
{
"status": "affected",
"version": "4.3(6.250060)"
},
{
"status": "affected",
"version": "6.0(1.250130)"
},
{
"status": "affected",
"version": "4.3(4.241014)"
},
{
"status": "affected",
"version": "4.3(2.250063)"
},
{
"status": "affected",
"version": "6.0(1.250192)"
},
{
"status": "affected",
"version": "4.3(6.260003)"
},
{
"status": "affected",
"version": "6.0(1.250194)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "3.2.16.1"
},
{
"status": "affected",
"version": "4.00"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T16:34:57.753Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-xss-A2tkgVAB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-xss-A2tkgVAB"
}
],
"source": {
"advisory": "cisco-sa-cimc-xss-A2tkgVAB",
"defects": [
"CSCwr60948"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Integrated Management Controller Cross-Site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20090",
"datePublished": "2026-04-01T16:34:57.753Z",
"dateReserved": "2025-10-08T11:59:15.368Z",
"dateUpdated": "2026-04-01T17:44:31.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20089 (GCVE-0-2026-20089)
Vulnerability from cvelistv5
Published
2026-04-01 16:34
Modified
2026-04-01 17:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco Enterprise NFV Infrastructure Software |
Version: 4.1.1 Version: 3.9.1 Version: 3.5.2 Version: 3.12.2 Version: 3.6.2 Version: 3.9.2 Version: 3.11.3 Version: 3.11.1 Version: 3.5.1 Version: 3.3.1 Version: 3.10.2 Version: 3.12.1b Version: 3.4.1 Version: 3.12.1a Version: 3.6.3 Version: 3.8.1 Version: 3.11.2 Version: 3.12.1 Version: 3.12.3 Version: 3.10.1 Version: 3.6.1 Version: 3.10.3 Version: 3.7.1 Version: 4.1.2 Version: 4.2.1 Version: 4.2.2 Version: 4.4.1 Version: 4.4.2 Version: 4.5.1 Version: 4.4.3 Version: 4.6.1 Version: 4.7.1 Version: 4.6.2-FC2 Version: 4.6.2-FC3 Version: 4.6.2 Version: 4.8.1 Version: 4.8.2 Version: 4.9.1 Version: 4.6.3 Version: 4.9.2-FC5 Version: 4.9.2 Version: 4.10.1 Version: 4.9.3 Version: 4.11.1 Version: 4.9.4 Version: 4.12.1 Version: 4.6.4 Version: 4.12.2 Version: 4.13.1 Version: 4.9.4-ES8 Version: 4.9.5 Version: 4.12.3 Version: 4.6.5-ES1 Version: 4.9.4-ES9 Version: 4.14.1 Version: 4.6.3-FC4 Version: 4.9.4-FC3 Version: 4.12.4 Version: 4.15.1 Version: 4.9.6 Version: 4.16.1 Version: 4.15.2 Version: 4.12.5 Version: 4.15.3 Version: 4.15.4 Version: 4.18.1 Version: 4.12.6 Version: 4.18.2 Version: 4.18.2a |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20089",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T17:44:47.477553Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T17:45:22.998Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Enterprise NFV Infrastructure Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.1.1"
},
{
"status": "affected",
"version": "3.9.1"
},
{
"status": "affected",
"version": "3.5.2"
},
{
"status": "affected",
"version": "3.12.2"
},
{
"status": "affected",
"version": "3.6.2"
},
{
"status": "affected",
"version": "3.9.2"
},
{
"status": "affected",
"version": "3.11.3"
},
{
"status": "affected",
"version": "3.11.1"
},
{
"status": "affected",
"version": "3.5.1"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.10.2"
},
{
"status": "affected",
"version": "3.12.1b"
},
{
"status": "affected",
"version": "3.4.1"
},
{
"status": "affected",
"version": "3.12.1a"
},
{
"status": "affected",
"version": "3.6.3"
},
{
"status": "affected",
"version": "3.8.1"
},
{
"status": "affected",
"version": "3.11.2"
},
{
"status": "affected",
"version": "3.12.1"
},
{
"status": "affected",
"version": "3.12.3"
},
{
"status": "affected",
"version": "3.10.1"
},
{
"status": "affected",
"version": "3.6.1"
},
{
"status": "affected",
"version": "3.10.3"
},
{
"status": "affected",
"version": "3.7.1"
},
{
"status": "affected",
"version": "4.1.2"
},
{
"status": "affected",
"version": "4.2.1"
},
{
"status": "affected",
"version": "4.2.2"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.5.1"
},
{
"status": "affected",
"version": "4.4.3"
},
{
"status": "affected",
"version": "4.6.1"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "4.6.2-FC2"
},
{
"status": "affected",
"version": "4.6.2-FC3"
},
{
"status": "affected",
"version": "4.6.2"
},
{
"status": "affected",
"version": "4.8.1"
},
{
"status": "affected",
"version": "4.8.2"
},
{
"status": "affected",
"version": "4.9.1"
},
{
"status": "affected",
"version": "4.6.3"
},
{
"status": "affected",
"version": "4.9.2-FC5"
},
{
"status": "affected",
"version": "4.9.2"
},
{
"status": "affected",
"version": "4.10.1"
},
{
"status": "affected",
"version": "4.9.3"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "4.9.4"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "4.6.4"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "4.13.1"
},
{
"status": "affected",
"version": "4.9.4-ES8"
},
{
"status": "affected",
"version": "4.9.5"
},
{
"status": "affected",
"version": "4.12.3"
},
{
"status": "affected",
"version": "4.6.5-ES1"
},
{
"status": "affected",
"version": "4.9.4-ES9"
},
{
"status": "affected",
"version": "4.14.1"
},
{
"status": "affected",
"version": "4.6.3-FC4"
},
{
"status": "affected",
"version": "4.9.4-FC3"
},
{
"status": "affected",
"version": "4.12.4"
},
{
"status": "affected",
"version": "4.15.1"
},
{
"status": "affected",
"version": "4.9.6"
},
{
"status": "affected",
"version": "4.16.1"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.12.5"
},
{
"status": "affected",
"version": "4.15.3"
},
{
"status": "affected",
"version": "4.15.4"
},
{
"status": "affected",
"version": "4.18.1"
},
{
"status": "affected",
"version": "4.12.6"
},
{
"status": "affected",
"version": "4.18.2"
},
{
"status": "affected",
"version": "4.18.2a"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.0(4j)"
},
{
"status": "affected",
"version": "4.0(2m)"
},
{
"status": "affected",
"version": "4.0(2k)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3g)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240041)"
},
{
"status": "affected",
"version": "4.2(3k)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5.250001)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(5.250030)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(6.250039)"
},
{
"status": "affected",
"version": "4.3(6.250040)"
},
{
"status": "affected",
"version": "4.3(5.250033)"
},
{
"status": "affected",
"version": "4.3(6.250044)"
},
{
"status": "affected",
"version": "4.3(6.250053)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252001)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
},
{
"status": "affected",
"version": "6.0(1.250127)"
},
{
"status": "affected",
"version": "4.2(3p)"
},
{
"status": "affected",
"version": "6.0(1.250131)"
},
{
"status": "affected",
"version": "4.3(6.250101)"
},
{
"status": "affected",
"version": "6.0(1.250174)"
},
{
"status": "affected",
"version": "4.3(6.250117)"
},
{
"status": "affected",
"version": "4.3(5.250043)"
},
{
"status": "affected",
"version": "4.3(5.250045)"
},
{
"status": "affected",
"version": "4.3(6.250060)"
},
{
"status": "affected",
"version": "6.0(1.250130)"
},
{
"status": "affected",
"version": "4.3(4.241014)"
},
{
"status": "affected",
"version": "4.3(2.250063)"
},
{
"status": "affected",
"version": "6.0(1.250192)"
},
{
"status": "affected",
"version": "4.3(6.260003)"
},
{
"status": "affected",
"version": "6.0(1.250194)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "3.2.16.1"
},
{
"status": "affected",
"version": "4.00"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T16:34:48.793Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-xss-A2tkgVAB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-xss-A2tkgVAB"
}
],
"source": {
"advisory": "cisco-sa-cimc-xss-A2tkgVAB",
"defects": [
"CSCwr60944"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Integrated Management Controller Cross-Site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20089",
"datePublished": "2026-04-01T16:34:48.793Z",
"dateReserved": "2025-10-08T11:59:15.368Z",
"dateUpdated": "2026-04-01T17:45:22.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20087 (GCVE-0-2026-20087)
Vulnerability from cvelistv5
Published
2026-04-01 16:34
Modified
2026-04-01 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco Enterprise NFV Infrastructure Software |
Version: 4.1.1 Version: 3.9.1 Version: 3.5.2 Version: 3.12.2 Version: 3.6.2 Version: 3.9.2 Version: 3.11.3 Version: 3.11.1 Version: 3.5.1 Version: 3.3.1 Version: 3.10.2 Version: 3.12.1b Version: 3.4.1 Version: 3.12.1a Version: 3.6.3 Version: 3.8.1 Version: 3.11.2 Version: 3.12.1 Version: 3.12.3 Version: 3.10.1 Version: 3.6.1 Version: 3.10.3 Version: 3.7.1 Version: 4.1.2 Version: 4.2.1 Version: 4.2.2 Version: 4.4.1 Version: 4.4.2 Version: 4.5.1 Version: 4.4.3 Version: 4.6.1 Version: 4.7.1 Version: 4.6.2-FC2 Version: 4.6.2-FC3 Version: 4.6.2 Version: 4.8.1 Version: 4.8.2 Version: 4.9.1 Version: 4.6.3 Version: 4.9.2-FC5 Version: 4.9.2 Version: 4.10.1 Version: 4.9.3 Version: 4.11.1 Version: 4.9.4 Version: 4.12.1 Version: 4.6.4 Version: 4.12.2 Version: 4.13.1 Version: 4.9.4-ES8 Version: 4.9.5 Version: 4.12.3 Version: 4.6.5-ES1 Version: 4.9.4-ES9 Version: 4.14.1 Version: 4.6.3-FC4 Version: 4.9.4-FC3 Version: 4.12.4 Version: 4.15.1 Version: 4.9.6 Version: 4.16.1 Version: 4.15.2 Version: 4.12.5 Version: 4.15.3 Version: 4.15.4 Version: 4.18.1 Version: 4.12.6 Version: 4.18.2 Version: 4.18.2a Version: 4.15.5 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20087",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T17:50:01.177510Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T17:50:56.617Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Enterprise NFV Infrastructure Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.1.1"
},
{
"status": "affected",
"version": "3.9.1"
},
{
"status": "affected",
"version": "3.5.2"
},
{
"status": "affected",
"version": "3.12.2"
},
{
"status": "affected",
"version": "3.6.2"
},
{
"status": "affected",
"version": "3.9.2"
},
{
"status": "affected",
"version": "3.11.3"
},
{
"status": "affected",
"version": "3.11.1"
},
{
"status": "affected",
"version": "3.5.1"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.10.2"
},
{
"status": "affected",
"version": "3.12.1b"
},
{
"status": "affected",
"version": "3.4.1"
},
{
"status": "affected",
"version": "3.12.1a"
},
{
"status": "affected",
"version": "3.6.3"
},
{
"status": "affected",
"version": "3.8.1"
},
{
"status": "affected",
"version": "3.11.2"
},
{
"status": "affected",
"version": "3.12.1"
},
{
"status": "affected",
"version": "3.12.3"
},
{
"status": "affected",
"version": "3.10.1"
},
{
"status": "affected",
"version": "3.6.1"
},
{
"status": "affected",
"version": "3.10.3"
},
{
"status": "affected",
"version": "3.7.1"
},
{
"status": "affected",
"version": "4.1.2"
},
{
"status": "affected",
"version": "4.2.1"
},
{
"status": "affected",
"version": "4.2.2"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.5.1"
},
{
"status": "affected",
"version": "4.4.3"
},
{
"status": "affected",
"version": "4.6.1"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "4.6.2-FC2"
},
{
"status": "affected",
"version": "4.6.2-FC3"
},
{
"status": "affected",
"version": "4.6.2"
},
{
"status": "affected",
"version": "4.8.1"
},
{
"status": "affected",
"version": "4.8.2"
},
{
"status": "affected",
"version": "4.9.1"
},
{
"status": "affected",
"version": "4.6.3"
},
{
"status": "affected",
"version": "4.9.2-FC5"
},
{
"status": "affected",
"version": "4.9.2"
},
{
"status": "affected",
"version": "4.10.1"
},
{
"status": "affected",
"version": "4.9.3"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "4.9.4"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "4.6.4"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "4.13.1"
},
{
"status": "affected",
"version": "4.9.4-ES8"
},
{
"status": "affected",
"version": "4.9.5"
},
{
"status": "affected",
"version": "4.12.3"
},
{
"status": "affected",
"version": "4.6.5-ES1"
},
{
"status": "affected",
"version": "4.9.4-ES9"
},
{
"status": "affected",
"version": "4.14.1"
},
{
"status": "affected",
"version": "4.6.3-FC4"
},
{
"status": "affected",
"version": "4.9.4-FC3"
},
{
"status": "affected",
"version": "4.12.4"
},
{
"status": "affected",
"version": "4.15.1"
},
{
"status": "affected",
"version": "4.9.6"
},
{
"status": "affected",
"version": "4.16.1"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.12.5"
},
{
"status": "affected",
"version": "4.15.3"
},
{
"status": "affected",
"version": "4.15.4"
},
{
"status": "affected",
"version": "4.18.1"
},
{
"status": "affected",
"version": "4.12.6"
},
{
"status": "affected",
"version": "4.18.2"
},
{
"status": "affected",
"version": "4.18.2a"
},
{
"status": "affected",
"version": "4.15.5"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.0(4j)"
},
{
"status": "affected",
"version": "4.0(2m)"
},
{
"status": "affected",
"version": "4.0(2k)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3g)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240041)"
},
{
"status": "affected",
"version": "4.2(3k)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5.250001)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(5.250030)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(6.250039)"
},
{
"status": "affected",
"version": "4.3(6.250040)"
},
{
"status": "affected",
"version": "4.3(5.250033)"
},
{
"status": "affected",
"version": "4.3(6.250044)"
},
{
"status": "affected",
"version": "4.3(6.250053)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252001)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
},
{
"status": "affected",
"version": "6.0(1.250127)"
},
{
"status": "affected",
"version": "4.2(3p)"
},
{
"status": "affected",
"version": "6.0(1.250131)"
},
{
"status": "affected",
"version": "4.3(6.250101)"
},
{
"status": "affected",
"version": "6.0(1.250174)"
},
{
"status": "affected",
"version": "4.3(6.250117)"
},
{
"status": "affected",
"version": "4.3(5.250043)"
},
{
"status": "affected",
"version": "4.3(5.250045)"
},
{
"status": "affected",
"version": "4.3(6.250060)"
},
{
"status": "affected",
"version": "6.0(1.250130)"
},
{
"status": "affected",
"version": "4.3(4.241014)"
},
{
"status": "affected",
"version": "4.3(2.250063)"
},
{
"status": "affected",
"version": "6.0(1.250192)"
},
{
"status": "affected",
"version": "4.3(6.260003)"
},
{
"status": "affected",
"version": "6.0(1.250194)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "3.2.16.1"
},
{
"status": "affected",
"version": "4.00"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T16:34:40.865Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-xss-A2tkgVAB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-xss-A2tkgVAB"
}
],
"source": {
"advisory": "cisco-sa-cimc-xss-A2tkgVAB",
"defects": [
"CSCwr60933"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Integrated Management Controller Cross-Site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20087",
"datePublished": "2026-04-01T16:34:40.865Z",
"dateReserved": "2025-10-08T11:59:15.367Z",
"dateUpdated": "2026-04-01T17:50:56.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20088 (GCVE-0-2026-20088)
Vulnerability from cvelistv5
Published
2026-04-01 16:34
Modified
2026-04-01 17:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco Enterprise NFV Infrastructure Software |
Version: 4.1.1 Version: 3.9.1 Version: 3.5.2 Version: 3.12.2 Version: 3.6.2 Version: 3.9.2 Version: 3.11.3 Version: 3.11.1 Version: 3.5.1 Version: 3.3.1 Version: 3.10.2 Version: 3.12.1b Version: 3.4.1 Version: 3.12.1a Version: 3.6.3 Version: 3.8.1 Version: 3.11.2 Version: 3.12.1 Version: 3.12.3 Version: 3.10.1 Version: 3.6.1 Version: 3.10.3 Version: 3.7.1 Version: 4.1.2 Version: 4.2.1 Version: 4.2.2 Version: 4.4.1 Version: 4.4.2 Version: 4.5.1 Version: 4.4.3 Version: 4.6.1 Version: 4.7.1 Version: 4.6.2-FC2 Version: 4.6.2-FC3 Version: 4.6.2 Version: 4.8.1 Version: 4.8.2 Version: 4.9.1 Version: 4.6.3 Version: 4.9.2-FC5 Version: 4.9.2 Version: 4.10.1 Version: 4.9.3 Version: 4.11.1 Version: 4.9.4 Version: 4.12.1 Version: 4.6.4 Version: 4.12.2 Version: 4.13.1 Version: 4.9.4-ES8 Version: 4.9.5 Version: 4.12.3 Version: 4.6.5-ES1 Version: 4.9.4-ES9 Version: 4.14.1 Version: 4.6.3-FC4 Version: 4.9.4-FC3 Version: 4.12.4 Version: 4.15.1 Version: 4.9.6 Version: 4.16.1 Version: 4.15.2 Version: 4.12.5 Version: 4.15.3 Version: 4.15.4 Version: 4.18.1 Version: 4.12.6 Version: 4.18.2 Version: 4.18.2a |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20088",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T17:55:03.494571Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T17:55:20.021Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Enterprise NFV Infrastructure Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.1.1"
},
{
"status": "affected",
"version": "3.9.1"
},
{
"status": "affected",
"version": "3.5.2"
},
{
"status": "affected",
"version": "3.12.2"
},
{
"status": "affected",
"version": "3.6.2"
},
{
"status": "affected",
"version": "3.9.2"
},
{
"status": "affected",
"version": "3.11.3"
},
{
"status": "affected",
"version": "3.11.1"
},
{
"status": "affected",
"version": "3.5.1"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.10.2"
},
{
"status": "affected",
"version": "3.12.1b"
},
{
"status": "affected",
"version": "3.4.1"
},
{
"status": "affected",
"version": "3.12.1a"
},
{
"status": "affected",
"version": "3.6.3"
},
{
"status": "affected",
"version": "3.8.1"
},
{
"status": "affected",
"version": "3.11.2"
},
{
"status": "affected",
"version": "3.12.1"
},
{
"status": "affected",
"version": "3.12.3"
},
{
"status": "affected",
"version": "3.10.1"
},
{
"status": "affected",
"version": "3.6.1"
},
{
"status": "affected",
"version": "3.10.3"
},
{
"status": "affected",
"version": "3.7.1"
},
{
"status": "affected",
"version": "4.1.2"
},
{
"status": "affected",
"version": "4.2.1"
},
{
"status": "affected",
"version": "4.2.2"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.5.1"
},
{
"status": "affected",
"version": "4.4.3"
},
{
"status": "affected",
"version": "4.6.1"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "4.6.2-FC2"
},
{
"status": "affected",
"version": "4.6.2-FC3"
},
{
"status": "affected",
"version": "4.6.2"
},
{
"status": "affected",
"version": "4.8.1"
},
{
"status": "affected",
"version": "4.8.2"
},
{
"status": "affected",
"version": "4.9.1"
},
{
"status": "affected",
"version": "4.6.3"
},
{
"status": "affected",
"version": "4.9.2-FC5"
},
{
"status": "affected",
"version": "4.9.2"
},
{
"status": "affected",
"version": "4.10.1"
},
{
"status": "affected",
"version": "4.9.3"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "4.9.4"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "4.6.4"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "4.13.1"
},
{
"status": "affected",
"version": "4.9.4-ES8"
},
{
"status": "affected",
"version": "4.9.5"
},
{
"status": "affected",
"version": "4.12.3"
},
{
"status": "affected",
"version": "4.6.5-ES1"
},
{
"status": "affected",
"version": "4.9.4-ES9"
},
{
"status": "affected",
"version": "4.14.1"
},
{
"status": "affected",
"version": "4.6.3-FC4"
},
{
"status": "affected",
"version": "4.9.4-FC3"
},
{
"status": "affected",
"version": "4.12.4"
},
{
"status": "affected",
"version": "4.15.1"
},
{
"status": "affected",
"version": "4.9.6"
},
{
"status": "affected",
"version": "4.16.1"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.12.5"
},
{
"status": "affected",
"version": "4.15.3"
},
{
"status": "affected",
"version": "4.15.4"
},
{
"status": "affected",
"version": "4.18.1"
},
{
"status": "affected",
"version": "4.12.6"
},
{
"status": "affected",
"version": "4.18.2"
},
{
"status": "affected",
"version": "4.18.2a"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5.250001)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(5.250030)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(6.250040)"
},
{
"status": "affected",
"version": "4.3(5.250033)"
},
{
"status": "affected",
"version": "4.3(6.250044)"
},
{
"status": "affected",
"version": "4.3(6.250053)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252001)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
},
{
"status": "affected",
"version": "6.0(1.250127)"
},
{
"status": "affected",
"version": "4.2(3p)"
},
{
"status": "affected",
"version": "6.0(1.250131)"
},
{
"status": "affected",
"version": "4.3(6.250101)"
},
{
"status": "affected",
"version": "6.0(1.250174)"
},
{
"status": "affected",
"version": "4.3(6.250117)"
},
{
"status": "affected",
"version": "4.3(5.250043)"
},
{
"status": "affected",
"version": "4.3(6.250039)"
},
{
"status": "affected",
"version": "4.3(5.250045)"
},
{
"status": "affected",
"version": "4.3(6.250060)"
},
{
"status": "affected",
"version": "6.0(1.250130)"
},
{
"status": "affected",
"version": "4.3(4.241014)"
},
{
"status": "affected",
"version": "4.3(2.250063)"
},
{
"status": "affected",
"version": "6.0(1.250192)"
},
{
"status": "affected",
"version": "4.3(6.260003)"
},
{
"status": "affected",
"version": "6.0(1.250194)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "3.2.16.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T16:34:40.845Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-xss-A2tkgVAB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-xss-A2tkgVAB"
}
],
"source": {
"advisory": "cisco-sa-cimc-xss-A2tkgVAB",
"defects": [
"CSCwr60943"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Integrated Management Controller Cross-Site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20088",
"datePublished": "2026-04-01T16:34:40.845Z",
"dateReserved": "2025-10-08T11:59:15.367Z",
"dateUpdated": "2026-04-01T17:55:20.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20160 (GCVE-0-2026-20160)
Vulnerability from cvelistv5
Published
2026-04-01 16:29
Modified
2026-04-02 03:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Summary
A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host.
This vulnerability is due to the unintentional exposure of an internal service. An attacker could exploit this vulnerability by sending a crafted request to the API of the exposed service. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Smart Software Manager On-Prem |
Version: 9-202502 Version: 9-202504 Version: 9-202507 Version: 9-202510 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T03:56:10.746Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Smart Software Manager On-Prem",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "9-202502"
},
{
"status": "affected",
"version": "9-202504"
},
{
"status": "affected",
"version": "9-202507"
},
{
"status": "affected",
"version": "9-202510"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host.\r\n\r\nThis vulnerability is due to the unintentional exposure of an\u0026nbsp;internal service. An attacker could exploit this vulnerability by sending a crafted request to the API of the exposed service. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T16:29:22.741Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ssm-cli-execution-cHUcWuNr",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-cli-execution-cHUcWuNr"
}
],
"source": {
"advisory": "cisco-sa-ssm-cli-execution-cHUcWuNr",
"defects": [
"CSCws84279"
],
"discovery": "INTERNAL"
},
"title": "Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20160",
"datePublished": "2026-04-01T16:29:22.741Z",
"dateReserved": "2025-10-08T11:59:15.388Z",
"dateUpdated": "2026-04-02T03:56:10.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20174 (GCVE-0-2026-20174)
Vulnerability from cvelistv5
Published
2026-04-01 16:29
Modified
2026-04-01 18:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system.
This vulnerability is due to insufficient validation of the metadata update file. An attacker could exploit this vulnerability by crafting a metadata update file and manually uploading it to an affected device. A successful exploit could allow the attacker to write arbitrary files to the underlying operating system as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials.
Note: Manual uploading of metadata files is typical for Air-Gap environments but not for Cisco Intersight Cloud connected devices. However, the manual upload option exists for both deployments.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco Nexus Dashboard |
Version: 3.1(1k) Version: 3.1(1l) Version: 3.2(1e) Version: 3.2(1i) Version: 3.3(1a) Version: 3.3(1b) Version: 3.3(2b) Version: 4.0(1i) Version: 3.3(2g) Version: 3.2(2f) Version: 3.2(2g) Version: 3.2(2m) Version: 3.1(1n) Version: 4.1(1g) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20174",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T18:09:26.289152Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T18:09:37.371Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Nexus Dashboard",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.1(1k)"
},
{
"status": "affected",
"version": "3.1(1l)"
},
{
"status": "affected",
"version": "3.2(1e)"
},
{
"status": "affected",
"version": "3.2(1i)"
},
{
"status": "affected",
"version": "3.3(1a)"
},
{
"status": "affected",
"version": "3.3(1b)"
},
{
"status": "affected",
"version": "3.3(2b)"
},
{
"status": "affected",
"version": "4.0(1i)"
},
{
"status": "affected",
"version": "3.3(2g)"
},
{
"status": "affected",
"version": "3.2(2f)"
},
{
"status": "affected",
"version": "3.2(2g)"
},
{
"status": "affected",
"version": "3.2(2m)"
},
{
"status": "affected",
"version": "3.1(1n)"
},
{
"status": "affected",
"version": "4.1(1g)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Nexus Dashboard Insights",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "2.2.2.125"
},
{
"status": "affected",
"version": "2.2.2.126"
},
{
"status": "affected",
"version": "5.0.1.150"
},
{
"status": "affected",
"version": "5.0.1.154"
},
{
"status": "affected",
"version": "5.1.0.131"
},
{
"status": "affected",
"version": "5.1.0.135"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.1.2"
},
{
"status": "affected",
"version": "6.1.3"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.2.2"
},
{
"status": "affected",
"version": "6.3.1"
},
{
"status": "affected",
"version": "6.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system.\r\n\r\nThis vulnerability is due to insufficient validation of the metadata update file. An attacker could exploit this vulnerability by crafting a metadata update file and manually uploading it to an affected device. A successful exploit could allow the attacker to write arbitrary files to the underlying operating system as the\u0026nbsp;root user. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\nNote: Manual uploading of metadata files is typical for Air-Gap environments but not for Cisco Intersight Cloud connected devices. However, the manual upload option exists for both deployments."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T16:29:22.721Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ndi-afw-rJuRC5dZ",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndi-afw-rJuRC5dZ"
}
],
"source": {
"advisory": "cisco-sa-ndi-afw-rJuRC5dZ",
"defects": [
"CSCws40848"
],
"discovery": "INTERNAL"
},
"title": "Cisco Nexus Dashboard Insights Arbitrary File Write Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20174",
"datePublished": "2026-04-01T16:29:22.721Z",
"dateReserved": "2025-10-08T11:59:15.392Z",
"dateUpdated": "2026-04-01T18:09:37.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20151 (GCVE-0-2026-20151)
Vulnerability from cvelistv5
Published
2026-04-01 16:29
Modified
2026-04-02 03:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-201 - Insertion of Sensitive Information Into Sent Data
Summary
A vulnerability in the web interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges on an affected system.
This vulnerability is due to the improper transmission of sensitive user information. An attacker could exploit this vulnerability by sending a crafted message to an affected Cisco SSM On-Prem host and retrieving session credentials from subsequent status messages. A successful exploit could allow the attacker to elevate privileges on the affected system from low to administrative.
To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of System User.
Note: This vulnerability exposes information only about users who logged in to the Cisco SSM On-Prem host using the web interface and who are currently logged in. SSH sessions are not affected.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Smart Software Manager On-Prem |
Version: 7-202001 Version: 8-202004 Version: 8-202006 Version: 8-202012 Version: 8-202010 Version: 8-202008 Version: 9-202201 Version: 8-202102 Version: 8-202105 Version: 8-202108 Version: 8-202112 Version: 8-202201 Version: 8-202206 Version: 8-202212 Version: 8-202302 Version: 8-202303 Version: 8-202304 Version: 8-202308 Version: 8-202401 Version: 8-202404 Version: 9-202406 Version: 9-202407 Version: 9-202410 Version: 9-202412 Version: 9-202501 Version: 9-202502 Version: 9-202504 Version: 9-202507 Version: 9-202510 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20151",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T03:56:09.678Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Smart Software Manager On-Prem",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7-202001"
},
{
"status": "affected",
"version": "8-202004"
},
{
"status": "affected",
"version": "8-202006"
},
{
"status": "affected",
"version": "8-202012"
},
{
"status": "affected",
"version": "8-202010"
},
{
"status": "affected",
"version": "8-202008"
},
{
"status": "affected",
"version": "9-202201"
},
{
"status": "affected",
"version": "8-202102"
},
{
"status": "affected",
"version": "8-202105"
},
{
"status": "affected",
"version": "8-202108"
},
{
"status": "affected",
"version": "8-202112"
},
{
"status": "affected",
"version": "8-202201"
},
{
"status": "affected",
"version": "8-202206"
},
{
"status": "affected",
"version": "8-202212"
},
{
"status": "affected",
"version": "8-202302"
},
{
"status": "affected",
"version": "8-202303"
},
{
"status": "affected",
"version": "8-202304"
},
{
"status": "affected",
"version": "8-202308"
},
{
"status": "affected",
"version": "8-202401"
},
{
"status": "affected",
"version": "8-202404"
},
{
"status": "affected",
"version": "9-202406"
},
{
"status": "affected",
"version": "9-202407"
},
{
"status": "affected",
"version": "9-202410"
},
{
"status": "affected",
"version": "9-202412"
},
{
"status": "affected",
"version": "9-202501"
},
{
"status": "affected",
"version": "9-202502"
},
{
"status": "affected",
"version": "9-202504"
},
{
"status": "affected",
"version": "9-202507"
},
{
"status": "affected",
"version": "9-202510"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges on an affected system.\r\n\r\nThis vulnerability is due to the improper transmission of sensitive user information. An attacker could exploit this vulnerability by sending a crafted message to an affected Cisco SSM On-Prem host and retrieving session credentials from subsequent status messages. A successful exploit could allow the attacker to elevate privileges on the affected system from low to administrative.\r\nTo exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of System User.\r\nNote: This vulnerability exposes information only about users who logged in to the Cisco SSM On-Prem host using the web interface and who are currently logged in. SSH sessions are not affected."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T16:29:13.496Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cssm-priv-esc-xRAnOuO8",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-xRAnOuO8"
}
],
"source": {
"advisory": "cisco-sa-cssm-priv-esc-xRAnOuO8",
"defects": [
"CSCwr86065"
],
"discovery": "INTERNAL"
},
"title": "Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20151",
"datePublished": "2026-04-01T16:29:13.496Z",
"dateReserved": "2025-10-08T11:59:15.385Z",
"dateUpdated": "2026-04-02T03:56:09.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20155 (GCVE-0-2026-20155)
Vulnerability from cvelistv5
Published
2026-04-01 16:29
Modified
2026-04-01 18:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker with low privileges to access sensitive information that they are not authorized to access.
This vulnerability is due to improper authorization checks on a REST API endpoint of an affected device. An attacker could exploit this vulnerability by querying the affected endpoint. A successful exploit could allow the attacker to view session information of active Cisco EPNM users, including users with administrative privileges, which could result in the affected device being compromised.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Evolved Programmable Network Manager (EPNM) |
Version: 7.1.1 Version: 7.1.2.1 Version: 7.1.3 Version: 7.1.2 Version: 7.1.0 Version: 8.0.0 Version: 8.0.0.1 Version: 7.1.3.1 Version: 7.1.4 Version: 8.1.0 Version: 8.1.1 Version: 8.0.1 Version: 7.1.4.1 Version: 8.0.1.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20155",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T18:19:08.632246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T18:19:17.434Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Evolved Programmable Network Manager (EPNM)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.1.2.1"
},
{
"status": "affected",
"version": "7.1.3"
},
{
"status": "affected",
"version": "7.1.2"
},
{
"status": "affected",
"version": "7.1.0"
},
{
"status": "affected",
"version": "8.0.0"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "7.1.3.1"
},
{
"status": "affected",
"version": "7.1.4"
},
{
"status": "affected",
"version": "8.1.0"
},
{
"status": "affected",
"version": "8.1.1"
},
{
"status": "affected",
"version": "8.0.1"
},
{
"status": "affected",
"version": "7.1.4.1"
},
{
"status": "affected",
"version": "8.0.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker with low privileges to access sensitive information that they are not authorized to access.\r\n\r\nThis vulnerability is due to improper authorization checks on a REST API endpoint of an affected device.\u0026nbsp;An attacker could exploit this vulnerability by querying the affected endpoint. A successful exploit could allow the attacker to view session information of active Cisco EPNM users, including users with administrative privileges, which could result in the affected device being compromised."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T16:29:12.891Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-epnm-improp-auth-mUwFWUU3",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-improp-auth-mUwFWUU3"
}
],
"source": {
"advisory": "cisco-sa-epnm-improp-auth-mUwFWUU3",
"defects": [
"CSCwp27059"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Evolved Programmable Network Manager Improper Authorization Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20155",
"datePublished": "2026-04-01T16:29:12.891Z",
"dateReserved": "2025-10-08T11:59:15.386Z",
"dateUpdated": "2026-04-01T18:19:17.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20096 (GCVE-0-2026-20096)
Vulnerability from cvelistv5
Published
2026-04-01 16:29
Modified
2026-04-02 03:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Summary
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user.
This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user. Cisco has assigned this vulnerability a Security Impact Rating (SIR) of High, rather than Medium as the score indicates, because additional security implications could occur once the attacker has become root.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco Enterprise NFV Infrastructure Software |
Version: 4.1.1 Version: 3.9.1 Version: 3.5.2 Version: 3.12.2 Version: 3.6.2 Version: 3.9.2 Version: 3.11.3 Version: 3.11.1 Version: 3.5.1 Version: 3.3.1 Version: 3.10.2 Version: 3.12.1b Version: 3.4.1 Version: 3.12.1a Version: 3.6.3 Version: 3.8.1 Version: 3.11.2 Version: 3.12.1 Version: 3.12.3 Version: 3.10.1 Version: 3.6.1 Version: 3.10.3 Version: 3.7.1 Version: 4.1.2 Version: 4.2.1 Version: 4.2.2 Version: 4.4.1 Version: 4.4.2 Version: 4.5.1 Version: 4.4.3 Version: 4.6.1 Version: 4.7.1 Version: 4.6.2-FC2 Version: 4.6.2-FC3 Version: 4.6.2 Version: 4.8.1 Version: 4.8.2 Version: 4.9.1 Version: 4.6.3 Version: 4.9.2-FC5 Version: 4.9.2 Version: 4.10.1 Version: 4.9.3 Version: 4.11.1 Version: 4.9.4 Version: 4.12.1 Version: 4.6.4 Version: 4.12.2 Version: 4.13.1 Version: 4.9.4-ES8 Version: 4.9.5 Version: 4.12.3 Version: 4.6.5-ES1 Version: 4.9.4-ES9 Version: 4.14.1 Version: 4.6.3-FC4 Version: 4.9.4-FC3 Version: 4.12.4 Version: 4.15.1 Version: 4.9.6 Version: 4.16.1 Version: 4.15.2 Version: 4.12.5 Version: 4.15.3 Version: 4.15.4 Version: 4.18.1 Version: 4.12.6 Version: 4.18.2 Version: 4.18.2a |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20096",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T03:56:17.375Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Enterprise NFV Infrastructure Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.1.1"
},
{
"status": "affected",
"version": "3.9.1"
},
{
"status": "affected",
"version": "3.5.2"
},
{
"status": "affected",
"version": "3.12.2"
},
{
"status": "affected",
"version": "3.6.2"
},
{
"status": "affected",
"version": "3.9.2"
},
{
"status": "affected",
"version": "3.11.3"
},
{
"status": "affected",
"version": "3.11.1"
},
{
"status": "affected",
"version": "3.5.1"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.10.2"
},
{
"status": "affected",
"version": "3.12.1b"
},
{
"status": "affected",
"version": "3.4.1"
},
{
"status": "affected",
"version": "3.12.1a"
},
{
"status": "affected",
"version": "3.6.3"
},
{
"status": "affected",
"version": "3.8.1"
},
{
"status": "affected",
"version": "3.11.2"
},
{
"status": "affected",
"version": "3.12.1"
},
{
"status": "affected",
"version": "3.12.3"
},
{
"status": "affected",
"version": "3.10.1"
},
{
"status": "affected",
"version": "3.6.1"
},
{
"status": "affected",
"version": "3.10.3"
},
{
"status": "affected",
"version": "3.7.1"
},
{
"status": "affected",
"version": "4.1.2"
},
{
"status": "affected",
"version": "4.2.1"
},
{
"status": "affected",
"version": "4.2.2"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.5.1"
},
{
"status": "affected",
"version": "4.4.3"
},
{
"status": "affected",
"version": "4.6.1"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "4.6.2-FC2"
},
{
"status": "affected",
"version": "4.6.2-FC3"
},
{
"status": "affected",
"version": "4.6.2"
},
{
"status": "affected",
"version": "4.8.1"
},
{
"status": "affected",
"version": "4.8.2"
},
{
"status": "affected",
"version": "4.9.1"
},
{
"status": "affected",
"version": "4.6.3"
},
{
"status": "affected",
"version": "4.9.2-FC5"
},
{
"status": "affected",
"version": "4.9.2"
},
{
"status": "affected",
"version": "4.10.1"
},
{
"status": "affected",
"version": "4.9.3"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "4.9.4"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "4.6.4"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "4.13.1"
},
{
"status": "affected",
"version": "4.9.4-ES8"
},
{
"status": "affected",
"version": "4.9.5"
},
{
"status": "affected",
"version": "4.12.3"
},
{
"status": "affected",
"version": "4.6.5-ES1"
},
{
"status": "affected",
"version": "4.9.4-ES9"
},
{
"status": "affected",
"version": "4.14.1"
},
{
"status": "affected",
"version": "4.6.3-FC4"
},
{
"status": "affected",
"version": "4.9.4-FC3"
},
{
"status": "affected",
"version": "4.12.4"
},
{
"status": "affected",
"version": "4.15.1"
},
{
"status": "affected",
"version": "4.9.6"
},
{
"status": "affected",
"version": "4.16.1"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.12.5"
},
{
"status": "affected",
"version": "4.15.3"
},
{
"status": "affected",
"version": "4.15.4"
},
{
"status": "affected",
"version": "4.18.1"
},
{
"status": "affected",
"version": "4.12.6"
},
{
"status": "affected",
"version": "4.18.2"
},
{
"status": "affected",
"version": "4.18.2a"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.0(4j)"
},
{
"status": "affected",
"version": "4.0(2m)"
},
{
"status": "affected",
"version": "4.0(2k)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3g)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240041)"
},
{
"status": "affected",
"version": "4.2(3k)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5.250001)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(5.250030)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(6.250039)"
},
{
"status": "affected",
"version": "4.3(6.250040)"
},
{
"status": "affected",
"version": "4.3(5.250033)"
},
{
"status": "affected",
"version": "4.3(6.250044)"
},
{
"status": "affected",
"version": "4.3(6.250053)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252001)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
},
{
"status": "affected",
"version": "6.0(1.250127)"
},
{
"status": "affected",
"version": "4.2(3p)"
},
{
"status": "affected",
"version": "6.0(1.250131)"
},
{
"status": "affected",
"version": "4.3(6.250101)"
},
{
"status": "affected",
"version": "6.0(1.250174)"
},
{
"status": "affected",
"version": "4.3(6.250117)"
},
{
"status": "affected",
"version": "4.3(5.250043)"
},
{
"status": "affected",
"version": "4.3(5.250045)"
},
{
"status": "affected",
"version": "4.3(6.250060)"
},
{
"status": "affected",
"version": "6.0(1.250130)"
},
{
"status": "affected",
"version": "4.3(4.241014)"
},
{
"status": "affected",
"version": "4.3(2.250063)"
},
{
"status": "affected",
"version": "6.0(1.250192)"
},
{
"status": "affected",
"version": "4.3(6.260003)"
},
{
"status": "affected",
"version": "6.0(1.250194)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "3.2.16.1"
},
{
"status": "affected",
"version": "4.00"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and\u0026nbsp;execute arbitrary commands as the root user.\r\n\r\nThis vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user. Cisco has assigned this vulnerability a Security Impact Rating (SIR) of High, rather than Medium as the score indicates, because additional security implications could occur once the attacker has become root."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T16:29:03.545Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-cmd-inj-3hKN3bVt",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-3hKN3bVt"
}
],
"source": {
"advisory": "cisco-sa-cimc-cmd-inj-3hKN3bVt",
"defects": [
"CSCwr60894"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Integrated Management Controller Command Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20096",
"datePublished": "2026-04-01T16:29:03.545Z",
"dateReserved": "2025-10-08T11:59:15.369Z",
"dateUpdated": "2026-04-02T03:56:17.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20097 (GCVE-0-2026-20097)
Vulnerability from cvelistv5
Published
2026-04-01 16:29
Modified
2026-04-02 03:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to execute arbitrary code as the root user. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.
Cisco has assigned this vulnerability a SIR of High rather than Medium as the score indicates because additional security implications could occur when the attacker becomes root.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Unified Computing System (Standalone) |
Version: 4.0(2g) Version: 3.1(2i) Version: 3.1(1d) Version: 4.0(4i) Version: 4.1(1c) Version: 4.0(2c) Version: 4.0(1e) Version: 4.0(2h) Version: 4.0(4h) Version: 4.0(1h) Version: 4.0(2l) Version: 3.1(3g) Version: 4.0(1.240) Version: 4.0(2f) Version: 4.0(1g) Version: 4.0(2i) Version: 3.1(3i) Version: 4.0(4d) Version: 4.1(1d) Version: 3.1(3c) Version: 4.0(4k) Version: 3.1(2d) Version: 3.1(3a) Version: 3.1(3j) Version: 4.0(2d) Version: 4.1(1f) Version: 4.0(1c) Version: 4.0(4f) Version: 4.0(4c) Version: 3.1(3d) Version: 3.1(2g) Version: 3.1(2c) Version: 4.0(1d) Version: 3.1(2e) Version: 4.0(1a) Version: 4.0(1b) Version: 3.1(3b) Version: 4.0(4b) Version: 3.1(2b) Version: 4.0(4e) Version: 3.1(3h) Version: 4.0(4l) Version: 4.1(1g) Version: 4.1(2a) Version: 4.0(2n) Version: 4.1(1h) Version: 3.1(3k) Version: 4.1(2b) Version: 4.0(2o) Version: 4.0(4m) Version: 4.1(2d) Version: 4.1(3b) Version: 4.0(2p) Version: 4.1(2e) Version: 4.1(2f) Version: 4.0(4n) Version: 4.0(2q) Version: 4.1(3c) Version: 4.0(2r) Version: 4.1(3d) Version: 4.1(2g) Version: 4.1(2h) Version: 4.1(3f) Version: 4.1(2j) Version: 4.1(2k) Version: 4.1(3h) Version: 4.2(2a) Version: 4.1(3i) Version: 4.2(2f) Version: 4.2(2g) Version: 4.2(3b) Version: 4.1(3l) Version: 4.2(3d) Version: 4.3(1.230097) Version: 4.2(1e) Version: 4.2(1b) Version: 4.2(1j) Version: 4.2(1i) Version: 4.2(1f) Version: 4.2(1a) Version: 4.2(1c) Version: 4.2(1g) Version: 4.3(1.230124) Version: 4.1(2l) Version: 4.2(3e) Version: 4.3(1.230138) Version: 4.2(3g) Version: 4.3(2.230207) Version: 4.2(3h) Version: 4.2(3i) Version: 4.3(2.230270) Version: 4.1(3m) Version: 4.1(2m) Version: 4.3(2.240002) Version: 4.3(3.240022) Version: 4.2(3j) Version: 4.1(3n) Version: 4.3(2.240009) Version: 4.3(3.240043) Version: 4.3(4.240142) Version: 4.3(2.240037) Version: 4.3(2.240053) Version: 4.3(4.240152) Version: 4.2(3l) Version: 4.3(2.240077) Version: 4.3(4.242028) Version: 4.3(4.241063) Version: 4.3(4.242038) Version: 4.2(3m) Version: 4.3(2.240090) Version: 4.3(5.240021) Version: 4.3(2.240107) Version: 4.3(4.242066) Version: 4.2(3n) Version: 4.3(5.250001) Version: 4.2(3o) Version: 4.3(2.250016) Version: 4.3(2.250021) Version: 4.3(5.250030) Version: 4.3(2.250022) Version: 4.3(6.250040) Version: 4.3(5.250033) Version: 4.3(6.250044) Version: 4.3(6.250053) Version: 4.3(2.250037) Version: 4.3(2.250045) Version: 4.3(4.252001) Version: 4.3(4.252002) Version: 6.0(1.250127) Version: 4.2(3p) Version: 6.0(1.250131) Version: 4.3(6.250101) Version: 6.0(1.250174) Version: 4.3(6.250117) Version: 4.3(5.250043) Version: 4.3(6.250039) Version: 4.3(5.250045) Version: 4.3(6.250060) Version: 6.0(1.250130) Version: 4.3(4.241014) Version: 4.3(2.250063) Version: 6.0(1.250192) Version: 4.3(6.260003) Version: 6.0(1.250194) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20097",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T03:56:16.248Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5.250001)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(5.250030)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(6.250040)"
},
{
"status": "affected",
"version": "4.3(5.250033)"
},
{
"status": "affected",
"version": "4.3(6.250044)"
},
{
"status": "affected",
"version": "4.3(6.250053)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252001)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
},
{
"status": "affected",
"version": "6.0(1.250127)"
},
{
"status": "affected",
"version": "4.2(3p)"
},
{
"status": "affected",
"version": "6.0(1.250131)"
},
{
"status": "affected",
"version": "4.3(6.250101)"
},
{
"status": "affected",
"version": "6.0(1.250174)"
},
{
"status": "affected",
"version": "4.3(6.250117)"
},
{
"status": "affected",
"version": "4.3(5.250043)"
},
{
"status": "affected",
"version": "4.3(6.250039)"
},
{
"status": "affected",
"version": "4.3(5.250045)"
},
{
"status": "affected",
"version": "4.3(6.250060)"
},
{
"status": "affected",
"version": "6.0(1.250130)"
},
{
"status": "affected",
"version": "4.3(4.241014)"
},
{
"status": "affected",
"version": "4.3(2.250063)"
},
{
"status": "affected",
"version": "6.0(1.250192)"
},
{
"status": "affected",
"version": "4.3(6.260003)"
},
{
"status": "affected",
"version": "6.0(1.250194)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to execute arbitrary code as the root user.\u0026nbsp;This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.\r\n\r\nCisco has assigned this vulnerability a SIR of High rather than Medium as the score indicates because additional security implications could occur when the attacker becomes root."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T16:29:00.607Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-cmd-inj-3hKN3bVt",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-3hKN3bVt"
}
],
"source": {
"advisory": "cisco-sa-cimc-cmd-inj-3hKN3bVt",
"defects": [
"CSCwr60925"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Integrated Management Controller Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20097",
"datePublished": "2026-04-01T16:29:00.607Z",
"dateReserved": "2025-10-08T11:59:15.369Z",
"dateUpdated": "2026-04-02T03:56:16.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20094 (GCVE-0-2026-20094)
Vulnerability from cvelistv5
Published
2026-04-01 16:28
Modified
2026-04-02 03:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Summary
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with read-only privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user.
This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco Unified Computing System (Standalone) |
Version: 4.0(2g) Version: 3.1(2i) Version: 3.1(1d) Version: 4.0(4i) Version: 4.1(1c) Version: 4.0(2c) Version: 4.0(1e) Version: 4.0(2h) Version: 4.0(4h) Version: 4.0(1h) Version: 4.0(2l) Version: 3.1(3g) Version: 4.0(1.240) Version: 4.0(2f) Version: 4.0(1g) Version: 4.0(2i) Version: 3.1(3i) Version: 4.0(4d) Version: 4.1(1d) Version: 3.1(3c) Version: 4.0(4k) Version: 3.1(2d) Version: 3.1(3a) Version: 3.1(3j) Version: 4.0(2d) Version: 4.1(1f) Version: 4.0(4j) Version: 4.0(2m) Version: 4.0(2k) Version: 4.0(1c) Version: 4.0(4f) Version: 4.0(4c) Version: 3.1(3d) Version: 3.1(2g) Version: 3.1(2c) Version: 4.0(1d) Version: 3.1(2e) Version: 4.0(1a) Version: 4.0(1b) Version: 3.1(3b) Version: 4.0(4b) Version: 3.1(2b) Version: 4.0(4e) Version: 3.1(3h) Version: 4.0(4l) Version: 4.1(1g) Version: 4.1(2a) Version: 4.0(2n) Version: 4.1(1h) Version: 3.1(3k) Version: 4.1(2b) Version: 4.0(2o) Version: 4.0(4m) Version: 4.1(2d) Version: 4.1(3b) Version: 4.0(2p) Version: 4.1(2e) Version: 4.1(2f) Version: 4.0(4n) Version: 4.0(2q) Version: 4.1(3c) Version: 4.0(2r) Version: 4.1(3d) Version: 4.1(2g) Version: 4.1(2h) Version: 4.1(3g) Version: 4.1(3f) Version: 4.1(2j) Version: 4.1(2k) Version: 4.1(3h) Version: 4.2(2a) Version: 4.1(3i) Version: 4.2(2f) Version: 4.2(2g) Version: 4.2(3b) Version: 4.1(3l) Version: 4.2(3d) Version: 4.3(1.230097) Version: 4.2(1e) Version: 4.2(1b) Version: 4.2(1j) Version: 4.2(1i) Version: 4.2(1f) Version: 4.2(1a) Version: 4.2(1c) Version: 4.2(1g) Version: 4.3(1.230124) Version: 4.1(2l) Version: 4.2(3e) Version: 4.3(1.230138) Version: 4.2(3g) Version: 4.3(2.230207) Version: 4.2(3h) Version: 4.2(3i) Version: 4.3(2.230270) Version: 4.1(3m) Version: 4.1(2m) Version: 4.3(2.240002) Version: 4.3(3.240022) Version: 4.2(3j) Version: 4.1(3n) Version: 4.3(2.240009) Version: 4.3(3.240041) Version: 4.2(3k) Version: 4.3(3.240043) Version: 4.3(4.240142) Version: 4.3(2.240037) Version: 4.3(2.240053) Version: 4.3(4.240152) Version: 4.2(3l) Version: 4.3(2.240077) Version: 4.3(4.242028) Version: 4.3(4.241063) Version: 4.3(4.242038) Version: 4.2(3m) Version: 4.3(2.240090) Version: 4.3(5.240021) Version: 4.3(2.240107) Version: 4.3(4.242066) Version: 4.2(3n) Version: 4.3(5.250001) Version: 4.2(3o) Version: 4.3(2.250016) Version: 4.3(2.250021) Version: 4.3(5.250030) Version: 4.3(2.250022) Version: 4.3(6.250039) Version: 4.3(6.250040) Version: 4.3(5.250033) Version: 4.3(6.250044) Version: 4.3(6.250053) Version: 4.3(2.250037) Version: 4.3(2.250045) Version: 4.3(4.252001) Version: 4.3(4.252002) Version: 6.0(1.250127) Version: 4.2(3p) Version: 6.0(1.250131) Version: 4.3(6.250101) Version: 6.0(1.250174) Version: 4.3(6.250117) Version: 4.3(5.250043) Version: 4.3(5.250045) Version: 4.3(6.250060) Version: 6.0(1.250130) Version: 4.3(4.241014) Version: 4.3(2.250063) Version: 6.0(1.250192) Version: 4.3(6.260003) Version: 6.0(1.250194) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20094",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T03:56:15.176Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.0(4j)"
},
{
"status": "affected",
"version": "4.0(2m)"
},
{
"status": "affected",
"version": "4.0(2k)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3g)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240041)"
},
{
"status": "affected",
"version": "4.2(3k)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5.250001)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(5.250030)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(6.250039)"
},
{
"status": "affected",
"version": "4.3(6.250040)"
},
{
"status": "affected",
"version": "4.3(5.250033)"
},
{
"status": "affected",
"version": "4.3(6.250044)"
},
{
"status": "affected",
"version": "4.3(6.250053)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252001)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
},
{
"status": "affected",
"version": "6.0(1.250127)"
},
{
"status": "affected",
"version": "4.2(3p)"
},
{
"status": "affected",
"version": "6.0(1.250131)"
},
{
"status": "affected",
"version": "4.3(6.250101)"
},
{
"status": "affected",
"version": "6.0(1.250174)"
},
{
"status": "affected",
"version": "4.3(6.250117)"
},
{
"status": "affected",
"version": "4.3(5.250043)"
},
{
"status": "affected",
"version": "4.3(5.250045)"
},
{
"status": "affected",
"version": "4.3(6.250060)"
},
{
"status": "affected",
"version": "6.0(1.250130)"
},
{
"status": "affected",
"version": "4.3(4.241014)"
},
{
"status": "affected",
"version": "4.3(2.250063)"
},
{
"status": "affected",
"version": "6.0(1.250192)"
},
{
"status": "affected",
"version": "4.3(6.260003)"
},
{
"status": "affected",
"version": "6.0(1.250194)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "3.2.16.1"
},
{
"status": "affected",
"version": "4.00"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with read-only privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user.\r\n\r\nThis vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T16:28:50.641Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-cmd-inj-3hKN3bVt",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-3hKN3bVt"
}
],
"source": {
"advisory": "cisco-sa-cimc-cmd-inj-3hKN3bVt",
"defects": [
"CSCwr60021"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Integrated Management Controller Command Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20094",
"datePublished": "2026-04-01T16:28:50.641Z",
"dateReserved": "2025-10-08T11:59:15.369Z",
"dateUpdated": "2026-04-02T03:56:15.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20095 (GCVE-0-2026-20095)
Vulnerability from cvelistv5
Published
2026-04-01 16:28
Modified
2026-04-02 03:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Summary
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user.
This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user. Cisco has assigned this vulnerability a Security Impact Rating (SIR) of High, rather than Medium as the score indicates, because additional security implications could occur once the attacker has become root.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco Enterprise NFV Infrastructure Software |
Version: 4.1.1 Version: 3.9.1 Version: 3.5.2 Version: 3.12.2 Version: 3.6.2 Version: 3.9.2 Version: 3.11.3 Version: 3.11.1 Version: 3.5.1 Version: 3.3.1 Version: 3.10.2 Version: 3.12.1b Version: 3.4.1 Version: 3.12.1a Version: 3.6.3 Version: 3.8.1 Version: 3.11.2 Version: 3.12.1 Version: 3.12.3 Version: 3.10.1 Version: 3.6.1 Version: 3.10.3 Version: 3.7.1 Version: 4.1.2 Version: 4.2.1 Version: 4.2.2 Version: 4.4.1 Version: 4.4.2 Version: 4.5.1 Version: 4.4.3 Version: 4.6.1 Version: 4.7.1 Version: 4.6.2-FC2 Version: 4.6.2-FC3 Version: 4.6.2 Version: 4.8.1 Version: 4.8.2 Version: 4.9.1 Version: 4.6.3 Version: 4.9.2-FC5 Version: 4.9.2 Version: 4.10.1 Version: 4.9.3 Version: 4.11.1 Version: 4.9.4 Version: 4.12.1 Version: 4.6.4 Version: 4.12.2 Version: 4.13.1 Version: 4.9.4-ES8 Version: 4.9.5 Version: 4.12.3 Version: 4.6.5-ES1 Version: 4.9.4-ES9 Version: 4.14.1 Version: 4.6.3-FC4 Version: 4.9.4-FC3 Version: 4.12.4 Version: 4.15.1 Version: 4.9.6 Version: 4.16.1 Version: 4.15.2 Version: 4.12.5 Version: 4.15.3 Version: 4.15.4 Version: 4.18.1 Version: 4.12.6 Version: 4.18.2 Version: 4.18.2a |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20095",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T03:56:14.022Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Enterprise NFV Infrastructure Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.1.1"
},
{
"status": "affected",
"version": "3.9.1"
},
{
"status": "affected",
"version": "3.5.2"
},
{
"status": "affected",
"version": "3.12.2"
},
{
"status": "affected",
"version": "3.6.2"
},
{
"status": "affected",
"version": "3.9.2"
},
{
"status": "affected",
"version": "3.11.3"
},
{
"status": "affected",
"version": "3.11.1"
},
{
"status": "affected",
"version": "3.5.1"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.10.2"
},
{
"status": "affected",
"version": "3.12.1b"
},
{
"status": "affected",
"version": "3.4.1"
},
{
"status": "affected",
"version": "3.12.1a"
},
{
"status": "affected",
"version": "3.6.3"
},
{
"status": "affected",
"version": "3.8.1"
},
{
"status": "affected",
"version": "3.11.2"
},
{
"status": "affected",
"version": "3.12.1"
},
{
"status": "affected",
"version": "3.12.3"
},
{
"status": "affected",
"version": "3.10.1"
},
{
"status": "affected",
"version": "3.6.1"
},
{
"status": "affected",
"version": "3.10.3"
},
{
"status": "affected",
"version": "3.7.1"
},
{
"status": "affected",
"version": "4.1.2"
},
{
"status": "affected",
"version": "4.2.1"
},
{
"status": "affected",
"version": "4.2.2"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.5.1"
},
{
"status": "affected",
"version": "4.4.3"
},
{
"status": "affected",
"version": "4.6.1"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "4.6.2-FC2"
},
{
"status": "affected",
"version": "4.6.2-FC3"
},
{
"status": "affected",
"version": "4.6.2"
},
{
"status": "affected",
"version": "4.8.1"
},
{
"status": "affected",
"version": "4.8.2"
},
{
"status": "affected",
"version": "4.9.1"
},
{
"status": "affected",
"version": "4.6.3"
},
{
"status": "affected",
"version": "4.9.2-FC5"
},
{
"status": "affected",
"version": "4.9.2"
},
{
"status": "affected",
"version": "4.10.1"
},
{
"status": "affected",
"version": "4.9.3"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "4.9.4"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "4.6.4"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "4.13.1"
},
{
"status": "affected",
"version": "4.9.4-ES8"
},
{
"status": "affected",
"version": "4.9.5"
},
{
"status": "affected",
"version": "4.12.3"
},
{
"status": "affected",
"version": "4.6.5-ES1"
},
{
"status": "affected",
"version": "4.9.4-ES9"
},
{
"status": "affected",
"version": "4.14.1"
},
{
"status": "affected",
"version": "4.6.3-FC4"
},
{
"status": "affected",
"version": "4.9.4-FC3"
},
{
"status": "affected",
"version": "4.12.4"
},
{
"status": "affected",
"version": "4.15.1"
},
{
"status": "affected",
"version": "4.9.6"
},
{
"status": "affected",
"version": "4.16.1"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.12.5"
},
{
"status": "affected",
"version": "4.15.3"
},
{
"status": "affected",
"version": "4.15.4"
},
{
"status": "affected",
"version": "4.18.1"
},
{
"status": "affected",
"version": "4.12.6"
},
{
"status": "affected",
"version": "4.18.2"
},
{
"status": "affected",
"version": "4.18.2a"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.0(4j)"
},
{
"status": "affected",
"version": "4.0(2m)"
},
{
"status": "affected",
"version": "4.0(2k)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3g)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240041)"
},
{
"status": "affected",
"version": "4.2(3k)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5.250001)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(5.250030)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(6.250039)"
},
{
"status": "affected",
"version": "4.3(6.250040)"
},
{
"status": "affected",
"version": "4.3(5.250033)"
},
{
"status": "affected",
"version": "4.3(6.250044)"
},
{
"status": "affected",
"version": "4.3(6.250053)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252001)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
},
{
"status": "affected",
"version": "6.0(1.250127)"
},
{
"status": "affected",
"version": "4.2(3p)"
},
{
"status": "affected",
"version": "6.0(1.250131)"
},
{
"status": "affected",
"version": "4.3(6.250101)"
},
{
"status": "affected",
"version": "6.0(1.250174)"
},
{
"status": "affected",
"version": "4.3(6.250117)"
},
{
"status": "affected",
"version": "4.3(5.250043)"
},
{
"status": "affected",
"version": "4.3(5.250045)"
},
{
"status": "affected",
"version": "4.3(6.250060)"
},
{
"status": "affected",
"version": "6.0(1.250130)"
},
{
"status": "affected",
"version": "4.3(4.241014)"
},
{
"status": "affected",
"version": "4.3(2.250063)"
},
{
"status": "affected",
"version": "6.0(1.250192)"
},
{
"status": "affected",
"version": "4.3(6.260003)"
},
{
"status": "affected",
"version": "6.0(1.250194)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "3.2.16.1"
},
{
"status": "affected",
"version": "4.00"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and\u0026nbsp;execute arbitrary commands as the root user.\r\n\r\nThis vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user. Cisco has assigned this vulnerability a Security Impact Rating (SIR) of High, rather than Medium as the score indicates, because additional security implications could occur once the attacker has become root."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T16:28:47.898Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-cmd-inj-3hKN3bVt",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-3hKN3bVt"
}
],
"source": {
"advisory": "cisco-sa-cimc-cmd-inj-3hKN3bVt",
"defects": [
"CSCwr60889"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Integrated Management Controller Command Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20095",
"datePublished": "2026-04-01T16:28:47.898Z",
"dateReserved": "2025-10-08T11:59:15.369Z",
"dateUpdated": "2026-04-02T03:56:14.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20093 (GCVE-0-2026-20093)
Vulnerability from cvelistv5
Published
2026-04-01 16:28
Modified
2026-04-02 03:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin.
This vulnerability is due to incorrect handling of password change requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to bypass authentication, alter the passwords of any user on the system, including an Admin user, and gain access to the system as that user.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco Enterprise NFV Infrastructure Software |
Version: 4.1.1 Version: 3.9.1 Version: 3.5.2 Version: 3.12.2 Version: 3.6.2 Version: 3.9.2 Version: 3.11.3 Version: 3.11.1 Version: 3.5.1 Version: 3.3.1 Version: 3.10.2 Version: 3.12.1b Version: 3.4.1 Version: 3.12.1a Version: 3.6.3 Version: 3.8.1 Version: 3.11.2 Version: 3.12.1 Version: 3.12.3 Version: 3.10.1 Version: 3.6.1 Version: 3.10.3 Version: 3.7.1 Version: 4.1.2 Version: 4.2.1 Version: 4.2.2 Version: 4.4.1 Version: 4.4.2 Version: 4.5.1 Version: 4.4.3 Version: 4.6.1 Version: 4.7.1 Version: 4.6.2-FC2 Version: 4.6.2-FC3 Version: 4.6.2 Version: 4.8.1 Version: 4.8.2 Version: 4.9.1 Version: 4.6.3 Version: 4.9.2-FC5 Version: 4.9.2 Version: 4.10.1 Version: 4.9.3 Version: 4.11.1 Version: 4.9.4 Version: 4.12.1 Version: 4.6.4 Version: 4.12.2 Version: 4.13.1 Version: 4.9.4-ES8 Version: 4.9.5 Version: 4.12.3 Version: 4.6.5-ES1 Version: 4.9.4-ES9 Version: 4.14.1 Version: 4.6.3-FC4 Version: 4.9.4-FC3 Version: 4.12.4 Version: 4.15.1 Version: 4.9.6 Version: 4.16.1 Version: 4.15.2 Version: 4.12.5 Version: 4.15.3 Version: 4.15.4 Version: 4.18.1 Version: 4.12.6 Version: 4.18.2 Version: 4.18.2a |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20093",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T03:56:12.925Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Enterprise NFV Infrastructure Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.1.1"
},
{
"status": "affected",
"version": "3.9.1"
},
{
"status": "affected",
"version": "3.5.2"
},
{
"status": "affected",
"version": "3.12.2"
},
{
"status": "affected",
"version": "3.6.2"
},
{
"status": "affected",
"version": "3.9.2"
},
{
"status": "affected",
"version": "3.11.3"
},
{
"status": "affected",
"version": "3.11.1"
},
{
"status": "affected",
"version": "3.5.1"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.10.2"
},
{
"status": "affected",
"version": "3.12.1b"
},
{
"status": "affected",
"version": "3.4.1"
},
{
"status": "affected",
"version": "3.12.1a"
},
{
"status": "affected",
"version": "3.6.3"
},
{
"status": "affected",
"version": "3.8.1"
},
{
"status": "affected",
"version": "3.11.2"
},
{
"status": "affected",
"version": "3.12.1"
},
{
"status": "affected",
"version": "3.12.3"
},
{
"status": "affected",
"version": "3.10.1"
},
{
"status": "affected",
"version": "3.6.1"
},
{
"status": "affected",
"version": "3.10.3"
},
{
"status": "affected",
"version": "3.7.1"
},
{
"status": "affected",
"version": "4.1.2"
},
{
"status": "affected",
"version": "4.2.1"
},
{
"status": "affected",
"version": "4.2.2"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.5.1"
},
{
"status": "affected",
"version": "4.4.3"
},
{
"status": "affected",
"version": "4.6.1"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "4.6.2-FC2"
},
{
"status": "affected",
"version": "4.6.2-FC3"
},
{
"status": "affected",
"version": "4.6.2"
},
{
"status": "affected",
"version": "4.8.1"
},
{
"status": "affected",
"version": "4.8.2"
},
{
"status": "affected",
"version": "4.9.1"
},
{
"status": "affected",
"version": "4.6.3"
},
{
"status": "affected",
"version": "4.9.2-FC5"
},
{
"status": "affected",
"version": "4.9.2"
},
{
"status": "affected",
"version": "4.10.1"
},
{
"status": "affected",
"version": "4.9.3"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "4.9.4"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "4.6.4"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "4.13.1"
},
{
"status": "affected",
"version": "4.9.4-ES8"
},
{
"status": "affected",
"version": "4.9.5"
},
{
"status": "affected",
"version": "4.12.3"
},
{
"status": "affected",
"version": "4.6.5-ES1"
},
{
"status": "affected",
"version": "4.9.4-ES9"
},
{
"status": "affected",
"version": "4.14.1"
},
{
"status": "affected",
"version": "4.6.3-FC4"
},
{
"status": "affected",
"version": "4.9.4-FC3"
},
{
"status": "affected",
"version": "4.12.4"
},
{
"status": "affected",
"version": "4.15.1"
},
{
"status": "affected",
"version": "4.9.6"
},
{
"status": "affected",
"version": "4.16.1"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.12.5"
},
{
"status": "affected",
"version": "4.15.3"
},
{
"status": "affected",
"version": "4.15.4"
},
{
"status": "affected",
"version": "4.18.1"
},
{
"status": "affected",
"version": "4.12.6"
},
{
"status": "affected",
"version": "4.18.2"
},
{
"status": "affected",
"version": "4.18.2a"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5.250001)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(5.250030)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(6.250040)"
},
{
"status": "affected",
"version": "4.3(5.250033)"
},
{
"status": "affected",
"version": "4.3(6.250044)"
},
{
"status": "affected",
"version": "4.3(6.250053)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252001)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
},
{
"status": "affected",
"version": "6.0(1.250127)"
},
{
"status": "affected",
"version": "4.2(3p)"
},
{
"status": "affected",
"version": "6.0(1.250131)"
},
{
"status": "affected",
"version": "4.3(6.250101)"
},
{
"status": "affected",
"version": "4.3(6.250117)"
},
{
"status": "affected",
"version": "4.3(5.250043)"
},
{
"status": "affected",
"version": "4.3(6.250039)"
},
{
"status": "affected",
"version": "4.3(5.250045)"
},
{
"status": "affected",
"version": "4.3(6.250060)"
},
{
"status": "affected",
"version": "6.0(1.250130)"
},
{
"status": "affected",
"version": "4.3(4.241014)"
},
{
"status": "affected",
"version": "4.3(2.250063)"
},
{
"status": "affected",
"version": "4.3(6.260003)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "3.2.16.1"
},
{
"status": "affected",
"version": "4.00"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as\u0026nbsp;Admin.\r\n\r\nThis vulnerability is due to incorrect handling of password change requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to bypass authentication, alter the passwords of any user on the system, including an\u0026nbsp;Admin user, and gain access to the system as that user."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T16:28:38.714Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-auth-bypass-AgG2BxTn",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-bypass-AgG2BxTn"
}
],
"source": {
"advisory": "cisco-sa-cimc-auth-bypass-AgG2BxTn",
"defects": [
"CSCwq55659"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Integrated Management Controller Authentication Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20093",
"datePublished": "2026-04-01T16:28:38.714Z",
"dateReserved": "2025-10-08T11:59:15.368Z",
"dateUpdated": "2026-04-02T03:56:12.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20085 (GCVE-0-2026-20085)
Vulnerability from cvelistv5
Published
2026-04-01 16:27
Modified
2026-04-01 18:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
A vulnerability in the web-based management interface of Cisco IMC could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco Enterprise NFV Infrastructure Software |
Version: 4.1.1 Version: 3.9.1 Version: 3.5.2 Version: 3.12.2 Version: 3.6.2 Version: 3.9.2 Version: 3.11.3 Version: 3.11.1 Version: 3.5.1 Version: 3.3.1 Version: 3.10.2 Version: 3.12.1b Version: 3.4.1 Version: 3.12.1a Version: 3.6.3 Version: 3.8.1 Version: 3.11.2 Version: 3.12.1 Version: 3.12.3 Version: 3.10.1 Version: 3.6.1 Version: 3.10.3 Version: 3.7.1 Version: 4.1.2 Version: 4.2.1 Version: 4.2.2 Version: 4.4.1 Version: 4.4.2 Version: 4.5.1 Version: 4.4.3 Version: 4.6.1 Version: 4.7.1 Version: 4.6.2-FC2 Version: 4.6.2-FC3 Version: 4.6.2 Version: 4.8.1 Version: 4.8.2 Version: 4.9.1 Version: 4.6.3 Version: 4.9.2-FC5 Version: 4.9.2 Version: 4.10.1 Version: 4.9.3 Version: 4.11.1 Version: 4.9.4 Version: 4.12.1 Version: 4.6.4 Version: 4.12.2 Version: 4.13.1 Version: 4.9.4-ES8 Version: 4.9.5 Version: 4.12.3 Version: 4.6.5-ES1 Version: 4.9.4-ES9 Version: 4.14.1 Version: 4.6.3-FC4 Version: 4.9.4-FC3 Version: 4.12.4 Version: 4.15.1 Version: 4.9.6 Version: 4.16.1 Version: 4.15.2 Version: 4.12.5 Version: 4.15.3 Version: 4.15.4 Version: 4.18.1 Version: 4.12.6 Version: 4.18.2 Version: 4.18.2a |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20085",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T18:14:21.097192Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T18:14:27.779Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Enterprise NFV Infrastructure Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.1.1"
},
{
"status": "affected",
"version": "3.9.1"
},
{
"status": "affected",
"version": "3.5.2"
},
{
"status": "affected",
"version": "3.12.2"
},
{
"status": "affected",
"version": "3.6.2"
},
{
"status": "affected",
"version": "3.9.2"
},
{
"status": "affected",
"version": "3.11.3"
},
{
"status": "affected",
"version": "3.11.1"
},
{
"status": "affected",
"version": "3.5.1"
},
{
"status": "affected",
"version": "3.3.1"
},
{
"status": "affected",
"version": "3.10.2"
},
{
"status": "affected",
"version": "3.12.1b"
},
{
"status": "affected",
"version": "3.4.1"
},
{
"status": "affected",
"version": "3.12.1a"
},
{
"status": "affected",
"version": "3.6.3"
},
{
"status": "affected",
"version": "3.8.1"
},
{
"status": "affected",
"version": "3.11.2"
},
{
"status": "affected",
"version": "3.12.1"
},
{
"status": "affected",
"version": "3.12.3"
},
{
"status": "affected",
"version": "3.10.1"
},
{
"status": "affected",
"version": "3.6.1"
},
{
"status": "affected",
"version": "3.10.3"
},
{
"status": "affected",
"version": "3.7.1"
},
{
"status": "affected",
"version": "4.1.2"
},
{
"status": "affected",
"version": "4.2.1"
},
{
"status": "affected",
"version": "4.2.2"
},
{
"status": "affected",
"version": "4.4.1"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.5.1"
},
{
"status": "affected",
"version": "4.4.3"
},
{
"status": "affected",
"version": "4.6.1"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "4.6.2-FC2"
},
{
"status": "affected",
"version": "4.6.2-FC3"
},
{
"status": "affected",
"version": "4.6.2"
},
{
"status": "affected",
"version": "4.8.1"
},
{
"status": "affected",
"version": "4.8.2"
},
{
"status": "affected",
"version": "4.9.1"
},
{
"status": "affected",
"version": "4.6.3"
},
{
"status": "affected",
"version": "4.9.2-FC5"
},
{
"status": "affected",
"version": "4.9.2"
},
{
"status": "affected",
"version": "4.10.1"
},
{
"status": "affected",
"version": "4.9.3"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "4.9.4"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "4.6.4"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "4.13.1"
},
{
"status": "affected",
"version": "4.9.4-ES8"
},
{
"status": "affected",
"version": "4.9.5"
},
{
"status": "affected",
"version": "4.12.3"
},
{
"status": "affected",
"version": "4.6.5-ES1"
},
{
"status": "affected",
"version": "4.9.4-ES9"
},
{
"status": "affected",
"version": "4.14.1"
},
{
"status": "affected",
"version": "4.6.3-FC4"
},
{
"status": "affected",
"version": "4.9.4-FC3"
},
{
"status": "affected",
"version": "4.12.4"
},
{
"status": "affected",
"version": "4.15.1"
},
{
"status": "affected",
"version": "4.9.6"
},
{
"status": "affected",
"version": "4.16.1"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.12.5"
},
{
"status": "affected",
"version": "4.15.3"
},
{
"status": "affected",
"version": "4.15.4"
},
{
"status": "affected",
"version": "4.18.1"
},
{
"status": "affected",
"version": "4.12.6"
},
{
"status": "affected",
"version": "4.18.2"
},
{
"status": "affected",
"version": "4.18.2a"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System (Standalone)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "4.0(2g)"
},
{
"status": "affected",
"version": "3.1(2i)"
},
{
"status": "affected",
"version": "3.1(1d)"
},
{
"status": "affected",
"version": "4.0(4i)"
},
{
"status": "affected",
"version": "4.1(1c)"
},
{
"status": "affected",
"version": "4.0(2c)"
},
{
"status": "affected",
"version": "4.0(1e)"
},
{
"status": "affected",
"version": "4.0(2h)"
},
{
"status": "affected",
"version": "4.0(4h)"
},
{
"status": "affected",
"version": "4.0(1h)"
},
{
"status": "affected",
"version": "4.0(2l)"
},
{
"status": "affected",
"version": "3.1(3g)"
},
{
"status": "affected",
"version": "4.0(1.240)"
},
{
"status": "affected",
"version": "4.0(2f)"
},
{
"status": "affected",
"version": "4.0(1g)"
},
{
"status": "affected",
"version": "4.0(2i)"
},
{
"status": "affected",
"version": "3.1(3i)"
},
{
"status": "affected",
"version": "4.0(4d)"
},
{
"status": "affected",
"version": "4.1(1d)"
},
{
"status": "affected",
"version": "3.1(3c)"
},
{
"status": "affected",
"version": "4.0(4k)"
},
{
"status": "affected",
"version": "3.1(2d)"
},
{
"status": "affected",
"version": "3.1(3a)"
},
{
"status": "affected",
"version": "3.1(3j)"
},
{
"status": "affected",
"version": "4.0(2d)"
},
{
"status": "affected",
"version": "4.1(1f)"
},
{
"status": "affected",
"version": "4.0(1c)"
},
{
"status": "affected",
"version": "4.0(4f)"
},
{
"status": "affected",
"version": "4.0(4c)"
},
{
"status": "affected",
"version": "3.1(3d)"
},
{
"status": "affected",
"version": "3.1(2g)"
},
{
"status": "affected",
"version": "3.1(2c)"
},
{
"status": "affected",
"version": "4.0(1d)"
},
{
"status": "affected",
"version": "3.1(2e)"
},
{
"status": "affected",
"version": "4.0(1a)"
},
{
"status": "affected",
"version": "4.0(1b)"
},
{
"status": "affected",
"version": "3.1(3b)"
},
{
"status": "affected",
"version": "4.0(4b)"
},
{
"status": "affected",
"version": "3.1(2b)"
},
{
"status": "affected",
"version": "4.0(4e)"
},
{
"status": "affected",
"version": "3.1(3h)"
},
{
"status": "affected",
"version": "4.0(4l)"
},
{
"status": "affected",
"version": "4.1(1g)"
},
{
"status": "affected",
"version": "4.1(2a)"
},
{
"status": "affected",
"version": "4.0(2n)"
},
{
"status": "affected",
"version": "4.1(1h)"
},
{
"status": "affected",
"version": "3.1(3k)"
},
{
"status": "affected",
"version": "4.1(2b)"
},
{
"status": "affected",
"version": "4.0(2o)"
},
{
"status": "affected",
"version": "4.0(4m)"
},
{
"status": "affected",
"version": "4.1(2d)"
},
{
"status": "affected",
"version": "4.1(3b)"
},
{
"status": "affected",
"version": "4.0(2p)"
},
{
"status": "affected",
"version": "4.1(2e)"
},
{
"status": "affected",
"version": "4.1(2f)"
},
{
"status": "affected",
"version": "4.0(4n)"
},
{
"status": "affected",
"version": "4.0(2q)"
},
{
"status": "affected",
"version": "4.1(3c)"
},
{
"status": "affected",
"version": "4.0(2r)"
},
{
"status": "affected",
"version": "4.1(3d)"
},
{
"status": "affected",
"version": "4.1(2g)"
},
{
"status": "affected",
"version": "4.1(2h)"
},
{
"status": "affected",
"version": "4.1(3f)"
},
{
"status": "affected",
"version": "4.1(2j)"
},
{
"status": "affected",
"version": "4.1(2k)"
},
{
"status": "affected",
"version": "4.1(3h)"
},
{
"status": "affected",
"version": "4.2(2a)"
},
{
"status": "affected",
"version": "4.1(3i)"
},
{
"status": "affected",
"version": "4.2(2f)"
},
{
"status": "affected",
"version": "4.2(2g)"
},
{
"status": "affected",
"version": "4.2(3b)"
},
{
"status": "affected",
"version": "4.1(3l)"
},
{
"status": "affected",
"version": "4.2(3d)"
},
{
"status": "affected",
"version": "4.3(1.230097)"
},
{
"status": "affected",
"version": "4.2(1e)"
},
{
"status": "affected",
"version": "4.2(1b)"
},
{
"status": "affected",
"version": "4.2(1j)"
},
{
"status": "affected",
"version": "4.2(1i)"
},
{
"status": "affected",
"version": "4.2(1f)"
},
{
"status": "affected",
"version": "4.2(1a)"
},
{
"status": "affected",
"version": "4.2(1c)"
},
{
"status": "affected",
"version": "4.2(1g)"
},
{
"status": "affected",
"version": "4.3(1.230124)"
},
{
"status": "affected",
"version": "4.1(2l)"
},
{
"status": "affected",
"version": "4.2(3e)"
},
{
"status": "affected",
"version": "4.3(1.230138)"
},
{
"status": "affected",
"version": "4.2(3g)"
},
{
"status": "affected",
"version": "4.3(2.230207)"
},
{
"status": "affected",
"version": "4.2(3h)"
},
{
"status": "affected",
"version": "4.2(3i)"
},
{
"status": "affected",
"version": "4.3(2.230270)"
},
{
"status": "affected",
"version": "4.1(3m)"
},
{
"status": "affected",
"version": "4.1(2m)"
},
{
"status": "affected",
"version": "4.3(2.240002)"
},
{
"status": "affected",
"version": "4.3(3.240022)"
},
{
"status": "affected",
"version": "4.2(3j)"
},
{
"status": "affected",
"version": "4.1(3n)"
},
{
"status": "affected",
"version": "4.3(2.240009)"
},
{
"status": "affected",
"version": "4.3(3.240043)"
},
{
"status": "affected",
"version": "4.3(4.240142)"
},
{
"status": "affected",
"version": "4.3(2.240037)"
},
{
"status": "affected",
"version": "4.3(2.240053)"
},
{
"status": "affected",
"version": "4.3(4.240152)"
},
{
"status": "affected",
"version": "4.2(3l)"
},
{
"status": "affected",
"version": "4.3(2.240077)"
},
{
"status": "affected",
"version": "4.3(4.242028)"
},
{
"status": "affected",
"version": "4.3(4.241063)"
},
{
"status": "affected",
"version": "4.3(4.242038)"
},
{
"status": "affected",
"version": "4.2(3m)"
},
{
"status": "affected",
"version": "4.3(2.240090)"
},
{
"status": "affected",
"version": "4.3(5.240021)"
},
{
"status": "affected",
"version": "4.3(2.240107)"
},
{
"status": "affected",
"version": "4.3(4.242066)"
},
{
"status": "affected",
"version": "4.2(3n)"
},
{
"status": "affected",
"version": "4.3(5.250001)"
},
{
"status": "affected",
"version": "4.2(3o)"
},
{
"status": "affected",
"version": "4.3(2.250016)"
},
{
"status": "affected",
"version": "4.3(2.250021)"
},
{
"status": "affected",
"version": "4.3(5.250030)"
},
{
"status": "affected",
"version": "4.3(2.250022)"
},
{
"status": "affected",
"version": "4.3(6.250040)"
},
{
"status": "affected",
"version": "4.3(5.250033)"
},
{
"status": "affected",
"version": "4.3(6.250044)"
},
{
"status": "affected",
"version": "4.3(6.250053)"
},
{
"status": "affected",
"version": "4.3(2.250037)"
},
{
"status": "affected",
"version": "4.3(2.250045)"
},
{
"status": "affected",
"version": "4.3(4.252001)"
},
{
"status": "affected",
"version": "4.3(4.252002)"
},
{
"status": "affected",
"version": "6.0(1.250127)"
},
{
"status": "affected",
"version": "4.2(3p)"
},
{
"status": "affected",
"version": "6.0(1.250131)"
},
{
"status": "affected",
"version": "4.3(6.250101)"
},
{
"status": "affected",
"version": "6.0(1.250174)"
},
{
"status": "affected",
"version": "4.3(6.250117)"
},
{
"status": "affected",
"version": "4.3(5.250043)"
},
{
"status": "affected",
"version": "4.3(6.250039)"
},
{
"status": "affected",
"version": "4.3(5.250045)"
},
{
"status": "affected",
"version": "4.3(6.250060)"
},
{
"status": "affected",
"version": "6.0(1.250130)"
},
{
"status": "affected",
"version": "4.3(4.241014)"
},
{
"status": "affected",
"version": "4.3(2.250063)"
},
{
"status": "affected",
"version": "6.0(1.250192)"
},
{
"status": "affected",
"version": "4.3(6.260003)"
},
{
"status": "affected",
"version": "6.0(1.250194)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Computing System E-Series Software (UCSE)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.7"
},
{
"status": "affected",
"version": "3.2.6"
},
{
"status": "affected",
"version": "3.2.4"
},
{
"status": "affected",
"version": "3.2.10"
},
{
"status": "affected",
"version": "3.2.2"
},
{
"status": "affected",
"version": "3.2.3"
},
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "3.2.1"
},
{
"status": "affected",
"version": "3.2.11.1"
},
{
"status": "affected",
"version": "3.2.8"
},
{
"status": "affected",
"version": "3.1.1"
},
{
"status": "affected",
"version": "3.0.2"
},
{
"status": "affected",
"version": "2.1.0"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "3.1.2"
},
{
"status": "affected",
"version": "3.0.1"
},
{
"status": "affected",
"version": "2.3.2"
},
{
"status": "affected",
"version": "2.3.5"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "3.1.4"
},
{
"status": "affected",
"version": "2.4.1"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "3.1.3"
},
{
"status": "affected",
"version": "2.3.3"
},
{
"status": "affected",
"version": "2.4.2"
},
{
"status": "affected",
"version": "3.1.5"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "3.2.11.3"
},
{
"status": "affected",
"version": "3.2.11.5"
},
{
"status": "affected",
"version": "3.2.12.2"
},
{
"status": "affected",
"version": "3.2.13.6"
},
{
"status": "affected",
"version": "3.2.14"
},
{
"status": "affected",
"version": "4.11.1"
},
{
"status": "affected",
"version": "3.2.15"
},
{
"status": "affected",
"version": "4.12.1"
},
{
"status": "affected",
"version": "3.2.15.3"
},
{
"status": "affected",
"version": "4.12.2"
},
{
"status": "affected",
"version": "3.2.16.1"
},
{
"status": "affected",
"version": "4.00"
},
{
"status": "affected",
"version": "4.15.2"
},
{
"status": "affected",
"version": "4.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IMC could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T16:27:58.940Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cimc-xss-A2tkgVAB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-xss-A2tkgVAB"
}
],
"source": {
"advisory": "cisco-sa-cimc-xss-A2tkgVAB",
"defects": [
"CSCwr60930"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Integrated Management Controller Cross-Site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20085",
"datePublished": "2026-04-01T16:27:58.940Z",
"dateReserved": "2025-10-08T11:59:15.367Z",
"dateUpdated": "2026-04-01T18:14:27.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20041 (GCVE-0-2026-20041)
Vulnerability from cvelistv5
Published
2026-04-01 16:27
Modified
2026-04-01 18:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device.
This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by persuading an authenticated user of the device management interface to click a crafted link. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device to an attacker-controlled server. The attacker could then execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco Nexus Dashboard |
Version: 1.1(3e) Version: 1.1(3c) Version: 1.1(3d) Version: 1.1(0d) Version: 1.1(2i) Version: 2.0(1b) Version: 1.1(2h) Version: 1.1(0c) Version: 1.1(3f) Version: 2.1(1d) Version: 2.1(1e) Version: 2.0(2g) Version: 2.0(2h) Version: 2.1(2d) Version: 2.0(1d) Version: 2.2(1h) Version: 2.2(1e) Version: 2.2(2d) Version: 2.1(2f) Version: 2.3(1c) Version: 2.3(2b) Version: 2.3(2c) Version: 2.3(2d) Version: 2.3(2e) Version: 3.0(1f) Version: 3.0(1i) Version: 3.1(1k) Version: 3.1(1l) Version: 3.2(1e) Version: 3.2(1i) Version: 3.3(1a) Version: 3.3(1b) Version: 3.3(2b) Version: 4.0(1i) Version: 3.3(2g) Version: 3.2(2f) Version: 3.2(2g) Version: 3.2(2m) Version: 3.1(1n) Version: 4.1(1g) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20041",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T18:13:09.025281Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T18:13:15.076Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Nexus Dashboard",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.1(3e)"
},
{
"status": "affected",
"version": "1.1(3c)"
},
{
"status": "affected",
"version": "1.1(3d)"
},
{
"status": "affected",
"version": "1.1(0d)"
},
{
"status": "affected",
"version": "1.1(2i)"
},
{
"status": "affected",
"version": "2.0(1b)"
},
{
"status": "affected",
"version": "1.1(2h)"
},
{
"status": "affected",
"version": "1.1(0c)"
},
{
"status": "affected",
"version": "1.1(3f)"
},
{
"status": "affected",
"version": "2.1(1d)"
},
{
"status": "affected",
"version": "2.1(1e)"
},
{
"status": "affected",
"version": "2.0(2g)"
},
{
"status": "affected",
"version": "2.0(2h)"
},
{
"status": "affected",
"version": "2.1(2d)"
},
{
"status": "affected",
"version": "2.0(1d)"
},
{
"status": "affected",
"version": "2.2(1h)"
},
{
"status": "affected",
"version": "2.2(1e)"
},
{
"status": "affected",
"version": "2.2(2d)"
},
{
"status": "affected",
"version": "2.1(2f)"
},
{
"status": "affected",
"version": "2.3(1c)"
},
{
"status": "affected",
"version": "2.3(2b)"
},
{
"status": "affected",
"version": "2.3(2c)"
},
{
"status": "affected",
"version": "2.3(2d)"
},
{
"status": "affected",
"version": "2.3(2e)"
},
{
"status": "affected",
"version": "3.0(1f)"
},
{
"status": "affected",
"version": "3.0(1i)"
},
{
"status": "affected",
"version": "3.1(1k)"
},
{
"status": "affected",
"version": "3.1(1l)"
},
{
"status": "affected",
"version": "3.2(1e)"
},
{
"status": "affected",
"version": "3.2(1i)"
},
{
"status": "affected",
"version": "3.3(1a)"
},
{
"status": "affected",
"version": "3.3(1b)"
},
{
"status": "affected",
"version": "3.3(2b)"
},
{
"status": "affected",
"version": "4.0(1i)"
},
{
"status": "affected",
"version": "3.3(2g)"
},
{
"status": "affected",
"version": "3.2(2f)"
},
{
"status": "affected",
"version": "3.2(2g)"
},
{
"status": "affected",
"version": "3.2(2m)"
},
{
"status": "affected",
"version": "3.1(1n)"
},
{
"status": "affected",
"version": "4.1(1g)"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Nexus Dashboard Insights",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "2.2.2.125"
},
{
"status": "affected",
"version": "2.2.2.126"
},
{
"status": "affected",
"version": "5.0.1.150"
},
{
"status": "affected",
"version": "5.0.1.154"
},
{
"status": "affected",
"version": "5.1.0.131"
},
{
"status": "affected",
"version": "5.1.0.135"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "6.0.2"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.1.2"
},
{
"status": "affected",
"version": "6.1.3"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.2.2"
},
{
"status": "affected",
"version": "6.3.1"
},
{
"status": "affected",
"version": "6.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Nexus Dashboard and Cisco Nexus Dashboard Insights could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device.\r\n\r\nThis vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by persuading an authenticated user of the device management interface to click a crafted link. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device to an attacker-controlled server. The attacker could then execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T16:27:49.961Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-nd-ssrf-NAen4O7r",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-ssrf-NAen4O7r"
}
],
"source": {
"advisory": "cisco-sa-nd-ssrf-NAen4O7r",
"defects": [
"CSCwq47518"
],
"discovery": "INTERNAL"
},
"title": "Cisco Nexus Dashboard Server Side Request Forgery Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20041",
"datePublished": "2026-04-01T16:27:49.961Z",
"dateReserved": "2025-10-08T11:59:15.354Z",
"dateUpdated": "2026-04-01T18:13:15.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}