CVE-2026-20160

CWE-668Exposure to Wrong Sphere3 documents3 sources
Severity
9.8CRITICAL
EPSS
0.2%
top 54.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Cisco Smart Software Manager On-prem
Timeline
PublishedApr 1

Description

A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host. This vulnerability is due to the unintentional exposure of an internal service. An attacker could exploit this vulnerability by sending a crafted request to the API of the exposed service. A successful exploit could allow the attacker to execute commands on the underlying operating

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
CVEList
Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability2026-04-01
GHSA
GHSA-wmm4-pvrx-wvv8: A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on2026-04-01
CVE-2026-20160 (CRITICAL CVSS 9.8) | A vulnerability in Cisco Smart Soft | cvebase.io