Cybersecurity News Kinetic Pontential

Cisco Patches Critical and High-Severity Vulnerabilities

Thu, 04/02/2026 - 09:25 / 0 Comments

Cisco on Wednesday announced fixes for two critical and six high-severity vulnerabilities that could be exploited for authentication bypass, remote code execution, privilege escalation, and information disclosure.

One of the critical bugs, tracked as CVE-2026-20160, impacts Cisco Smart Software Manager On-Prem (SSM On-Prem) and could allow attackers to abuse an erroneously exposed internal service to execute arbitrary commands.

“An attacker could exploit this vulnerability by sending a crafted request to the API of the exposed service. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges,” Cisco says.

The second critical flaw is CVE-2026-20093, an authentication bypass issue rooted in the incorrect handling of password change requests.

An unauthenticated attacker could send crafted HTTP requests to a vulnerable device and modify user passwords, including those of administrators. The attacker could then access the system as an administrator.

On Wednesday, Cisco patched a high-severity defect in Evolved Programmable Network Manager (EPNM) that could allow attackers to access sensitive information, and another in SSM On-Prem that could be exploited for privilege escalation.

The company also rolled out fixes for four Integrated Management Controller (IMC) vulnerabilities that could be exploited to execute arbitrary commands and gain root privileges. All flaws exist because user-supplied input is not properly validated on IMC’s web-based management interface.

According to Cisco, more than two dozen enterprise networking products are impacted by the four security defects, including UCS C-series and E-series servers, as well as appliances that are based on them.

Cisco says it is not aware of any of these vulnerabilities being exploited in the wild. Additional information can be found on the company’s security advisories page.

This article was published by Security Week. Please check their website for the original content.

Add new comment

About text formats

Plain text

  • No HTML tags allowed.
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.
CAPTCHA This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
2 + 1 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.

Share The Story


Stay informed - subscribe to our newsletter.
The subscriber's email address.

Recent Posts