A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to execute arbitrary code as the root user. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.
Cisco has assigned this vulnerability a SIR of High rather than Medium as the score indicates because additional security implications could occur when the attacker becomes root.
References
Configurations
No configuration.
History
01 Apr 2026, 17:28
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-04-01 17:28
Updated : 2026-06-17 10:17
NVD link : CVE-2026-20097
Mitre link : CVE-2026-20097
CVE.ORG link : CVE-2026-20097
JSON object : View
Products Affected
No product.
CWE
CWE-787
Out-of-bounds Write
