CVE-2026-20036OS Command Injection in Cisco Unified Computing System

CWE-78OS Command Injection5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 79.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Unified Computing System
Timeline
PublishedFeb 25

Description

A vulnerability in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with valid administrative privileges to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation of command arguments that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected comma

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:NExploitability: 1.2 | Impact: 5.2

Affected Packages1 packages

CVEListV5cisco/cisco_unified_computing_system95 versions+94

🔴Vulnerability Details

2
GHSA
GHSA-c2mj-6hqf-86q8: A vulnerability in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with valid a2026-02-25
CVEList
Cisco UCS Manager Software Command Injection Vulnerability2026-02-25

📋Vendor Advisories

1
Cisco
Cisco UCS Manager Software Command Injection Vulnerability2026-02-25
CVE-2026-20036 — OS Command Injection in Cisco | cvebase