CVE-2026-20093 — Improper Input Validation in Cisco Enterprise NFV Infrastructure Software

CWE-20 — Improper Input Validation5 documents5 sources

Severity

9.8CRITICALNVD

EPSS

0.0%

top 92.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Enterprise NFV Infrastructure Software Cisco Unified Computing System Cisco Unified Computing System E-series Software

Timeline

PublishedApr 1

Description

A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin. This vulnerability is due to incorrect handling of password change requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to bypass authentication, alter the passwords of any user on…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5cisco/cisco_unified_computing_system141 versions+140

▶CVEListV5cisco/cisco_unified_computing_system_e-series_software42 versions+41

▶CVEListV5cisco/cisco_enterprise_nfv_infrastructure_software69 versions+68

🔴Vulnerability Details

CVEList

Cisco Integrated Management Controller Authentication Bypass Vulnerability↗2026-04-01

▶

GHSA

GHSA-8gpv-wqhx-xp52: A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker t↗2026-04-01

▶