CVE-2026-20155 — Missing Authorization in Cisco Evolved Programmable Network Manager

CWE-862 — Missing Authorization3 documents3 sources

Severity

8.0HIGHNVD

EPSS

0.1%

top 68.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Evolved Programmable Network Manager

Timeline

PublishedApr 1

Description

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker with low privileges to access sensitive information that they are not authorized to access. This vulnerability is due to improper authorization checks on a REST API endpoint of an affected device. An attacker could exploit this vulnerability by querying the affected endpoint. A successful exploit could allow the attacker to view session informa…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages1 packages

▶CVEListV5cisco/cisco_evolved_programmable_network_manager14 versions+13

🔴Vulnerability Details

GHSA

GHSA-g5c4-x88j-p4hw: A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attack↗2026-04-01

▶

CVEList

Cisco Evolved Programmable Network Manager Improper Authorization Vulnerability↗2026-04-01

▶