Cisco released patches addressing two critical and six high-severity vulnerabilities that could enable authentication bypass, remote code execution, privilege escalation, and information disclosure. The critical flaws — CVE-2026-20160 in Cisco Smart Software Manager On-Prem and CVE-2026-20093 allowing password-change authentication bypass — can lead to root-level command execution and administrator account takeover; Cisco reports no known in-the-wild exploitation. #CVE-2026-20160 #CVE-2026-20093
Keypoints
- Cisco patched two critical and six high-severity vulnerabilities across multiple products.
- CVE-2026-20160 in SSM On-Prem exposes an internal service that can be abused to execute arbitrary commands as root.
- CVE-2026-20093 is an authentication bypass allowing unauthenticated attackers to change passwords and gain administrator access.
- Four IMC vulnerabilities stem from improper input validation in the web interface, enabling command execution and root escalation.
- More than two dozen enterprise products, including UCS C-series and E-series servers, are affected, and Cisco is not aware of active exploitation.
Read More: https://www.securityweek.com/cisco-patches-critical-and-high-severity-vulnerabilities/