CVE-2026-20123

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page.

Severity	MEDIUM
CVSS	4.3
CWE	CWE-601
KEV
Published	3 months ago
Modified	2 months ago

Related Products

Product	Advisory	Evidence
Cisco Prime Infrastructure	cisco-sa-epnm-pi-redirect-6sX82dN	Cisco OpenVuln
Cisco Evolved Programmable Network Manager (EPNM)	cisco-sa-epnm-pi-redirect-6sX82dN	Cisco OpenVuln