CVE-2026-20094

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with read-only privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user.

Severity	HIGH
CVSS	8.8
CWE	CWE-77
KEV
Published	1 month ago
Modified	1 month ago

Related Products

Product	Advisory	Evidence
Cisco Unified Computing System E-Series Software (UCSE)	cisco-sa-cimc-cmd-inj-3hKN3bVt	Cisco OpenVuln
Cisco Unified Computing System (Standalone)	cisco-sa-cimc-cmd-inj-3hKN3bVt	Cisco OpenVuln
Cisco Enterprise NFV Infrastructure Software	cisco-sa-cimc-cmd-inj-3hKN3bVt	Cisco OpenVuln