Cisco on Wednesday announced fixes for two critical and six high-severity vulnerabilities that could be exploited for authentication bypass, remote code execution, privilege escalation, and information disclosure.
One of the critical bugs, tracked as CVE-2026-20160, impacts Cisco Smart Software Manager On-Prem (SSM On-Prem) and could allow attackers to abuse an erroneously exposed internal service to execute arbitrary commands.
“An attacker could exploit this vulnerability by sending a crafted request to the API of the exposed service. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges,” Cisco says.
The second critical flaw is CVE-2026-20093, an authentication bypass issue rooted in the incorrect handling of password change requests.
An unauthenticated attacker could send crafted HTTP requests to a vulnerable device and modify user passwords, including those of administrators. The attacker could then access the system as an administrator.
On Wednesday, Cisco patched a high-severity defect in Evolved Programmable Network Manager (EPNM) that could allow attackers to access sensitive information, and another in SSM On-Prem that could be exploited for privilege escalation.
The company also rolled out fixes for four Integrated Management Controller (IMC) vulnerabilities that could be exploited to execute arbitrary commands and gain root privileges. All flaws exist because user-supplied input is not properly validated on IMC’s web-based management interface.
According to Cisco, more than two dozen enterprise networking products are impacted by the four security defects, including UCS C-series and E-series servers, as well as appliances that are based on them.
Cisco says it is not aware of any of these vulnerabilities being exploited in the wild. Additional information can be found on the company’s security advisories page.
Related: Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome
Related: TP-Link Patches High-Severity Router Vulnerabilities
Related: BIND Updates Patch High-Severity Vulnerabilities
Related: Cisco Patches Multiple Vulnerabilities in IOS Software
