anonhaven
Ad

CVE-2026-20096

MEDIUM CVSS 3.1: 6.5 EPSS 0.08%
Updated Apr 03, 2026
Cisco
Parameter Value
CVSS 6.5 (MEDIUM)
Type CWE-77 (Command Injection)
Vendor Cisco
Public PoC No

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software.

A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user. Cisco has assigned this vulnerability a Security Impact Rating (SIR) of High, rather than Medium as the score indicates, because additional security implications could occur once the attacker has become root.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
High
Admin privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
None
No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-77 Command Injection

References 1

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/c…
psirt@cisco.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-20174

Cisco

4.9

CVE-2026-20160

Cisco

9.8

CVE-2026-20155

Cisco

8.0

CVE-2026-20151

Cisco

7.3

CVE-2026-20097

Cisco

6.5