CVE-2026-20097Out-of-bounds Write in Cisco Unified Computing System

CWE-787Out-of-bounds Write3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 76.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Unified Computing System
Timeline
PublishedApr 1

Description

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to execute arbitrary code as the root user. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating sys

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:NExploitability: 1.2 | Impact: 5.2

Affected Packages1 packages

CVEListV5cisco/cisco_unified_computing_system144 versions+143

🔴Vulnerability Details

2
CVEList
Cisco Integrated Management Controller Remote Code Execution Vulnerability2026-04-01
GHSA
GHSA-6v24-9xph-9cp8: A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to execut2026-04-01
CVE-2026-20097 — Out-of-bounds Write in Cisco | cvebase