CVE-2026-20107Insufficient Granularity of Access Control in Cisco Application Policy Infrastructure Controller

CWE-1220Insufficient Granularity of Access Control4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 94.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Application Policy Infrastructure Controller
Timeline
PublishedFeb 25

Description

A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. To exploit this vulnerability, the attacker must have valid user credentials and any role that includes CLI access. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by issuing crafted c

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
CVEList
Cisco Application Policy Infrastructure Controller Denial of Service Vulnerability2026-02-25
GHSA
GHSA-gv9w-2wpq-7538: A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, local att2026-02-25

📋Vendor Advisories

1
Cisco
Cisco Application Policy Infrastructure Controller Denial of Service Vulnerability2026-02-25
CVE-2026-20107 — Cisco vulnerability | cvebase