CVE-2026-20097

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to execute arbitrary code as the root user. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user. Cisco has assigned this vulnerability a SIR of High rather than Medium as the score indicates because additional security implications could occur when the attacker becomes root.
Configurations

No configuration.

History

01 Apr 2026, 17:28

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2026-04-01 17:28

Updated : 2026-06-17 10:17


NVD link : CVE-2026-20097

Mitre link : CVE-2026-20097

CVE.ORG link : CVE-2026-20097



Products Affected

No product.

CWE
CWE-787

Out-of-bounds Write