CWE-77

CVE-2026-2000 (GCVE-0-2026-2000)

Vulnerability from cvelistv5 – Published: 2026-02-06 06:32 – Updated: 2026-02-23 09:22

Title

DCN DCME-320 Web Management Backend bridge_cfg.php apply_config command injection

Summary

A vulnerability was found in DCN DCME-320 up to 20260121. Impacted is the function apply_config of the file /function/system/basic/bridge_cfg.php of the component Web Management Backend. Performing a manipulation of the argument ip_list results in command injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity

5.1 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

4.7 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

4.7 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

SSVC

Exploitation: poc Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-77 - Command Injection
CWE-74 - Injection

Assigner

VulDB

References

4 references

URL	Tags
https://vuldb.com/?id.344548	vdb-entrytechnical-description
https://vuldb.com/?ctiid.344548	signaturepermissions-required
https://vuldb.com/?submit.743455	third-party-advisory
https://github.com/physicszq/Routers/tree/main/Dcme	exploit

Impacted products

1 product

Vendor	Product	Version
DCN	DCME-320	Affected: 20260121

Credits

physicszq (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-2000",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-12T15:08:08.048195Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-12T15:08:14.859Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Web Management Backend"
          ],
          "product": "DCME-320",
          "vendor": "DCN",
          "versions": [
            {
              "status": "affected",
              "version": "20260121"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "physicszq (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in DCN DCME-320 up to 20260121. Impacted is the function apply_config of the file /function/system/basic/bridge_cfg.php of the component Web Management Backend. Performing a manipulation of the argument ip_list results in command injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5.8,
            "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-23T09:22:13.715Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-344548 | DCN DCME-320 Web Management Backend bridge_cfg.php apply_config command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.344548"
        },
        {
          "name": "VDB-344548 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.344548"
        },
        {
          "name": "Submit #743455 | \u5317\u4eac\u795e\u5dde\u6570\u7801\u4e91\u79d1\u4fe1\u606f\u6280\u672f\u6709\u9650\u516c\u53f8 Dcme320  latest Command Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.743455"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/physicszq/Routers/tree/main/Dcme"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-02-05T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-02-05T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-02-18T01:03:36.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "DCN DCME-320 Web Management Backend bridge_cfg.php apply_config command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-2000",
    "datePublished": "2026-02-06T06:32:05.840Z",
    "dateReserved": "2026-02-05T17:18:39.350Z",
    "dateUpdated": "2026-02-23T09:22:13.715Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20094 (GCVE-0-2026-20094)

Vulnerability from cvelistv5 – Published: 2026-04-01 16:28 – Updated: 2026-04-22 19:09

Title

Cisco Integrated Management Controller Command Injection Vulnerability

Summary

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with read-only privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user.

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Assigner

cisco

References

1 reference

URL	Tags
https://sec.cloudapps.cisco.com/security/center/c…

Impacted products

2 products

Vendor	Product	Version
Cisco	Cisco Unified Computing System (Standalone)	Affected: 4.0(2g) Affected: 3.1(2i) Affected: 3.1(1d) Affected: 4.0(4i) Affected: 4.1(1c) Affected: 4.0(2c) Affected: 4.0(1e) Affected: 4.0(2h) Affected: 4.0(4h) Affected: 4.0(1h) Affected: 4.0(2l) Affected: 3.1(3g) Affected: 4.0(1.240) Affected: 4.0(2f) Affected: 4.0(1g) Affected: 4.0(2i) Affected: 3.1(3i) Affected: 4.0(4d) Affected: 4.1(1d) Affected: 3.1(3c) Affected: 4.0(4k) Affected: 3.1(2d) Affected: 3.1(3a) Affected: 3.1(3j) Affected: 4.0(2d) Affected: 4.1(1f) Affected: 4.0(4j) Affected: 4.0(2m) Affected: 4.0(2k) Affected: 4.0(1c) Affected: 4.0(4f) Affected: 4.0(4c) Affected: 3.1(3d) Affected: 3.1(2g) Affected: 3.1(2c) Affected: 4.0(1d) Affected: 3.1(2e) Affected: 4.0(1a) Affected: 4.0(1b) Affected: 3.1(3b) Affected: 4.0(4b) Affected: 3.1(2b) Affected: 4.0(4e) Affected: 3.1(3h) Affected: 4.0(4l) Affected: 4.1(1g) Affected: 4.1(2a) Affected: 4.0(2n) Affected: 4.1(1h) Affected: 3.1(3k) Affected: 4.1(2b) Affected: 4.0(2o) Affected: 4.0(4m) Affected: 4.1(2d) Affected: 4.1(3b) Affected: 4.0(2p) Affected: 4.1(2e) Affected: 4.1(2f) Affected: 4.0(4n) Affected: 4.0(2q) Affected: 4.1(3c) Affected: 4.0(2r) Affected: 4.1(3d) Affected: 4.1(2g) Affected: 4.1(2h) Affected: 4.1(3g) Affected: 4.1(3f) Affected: 4.1(2j) Affected: 4.1(2k) Affected: 4.1(3h) Affected: 4.2(2a) Affected: 4.1(3i) Affected: 4.2(2f) Affected: 4.2(2g) Affected: 4.2(3b) Affected: 4.1(3l) Affected: 4.2(3d) Affected: 4.3(1.230097) Affected: 4.2(1e) Affected: 4.2(1b) Affected: 4.2(1j) Affected: 4.2(1i) Affected: 4.2(1f) Affected: 4.2(1a) Affected: 4.2(1c) Affected: 4.2(1g) Affected: 4.3(1.230124) Affected: 4.1(2l) Affected: 4.2(3e) Affected: 4.3(1.230138) Affected: 4.2(3g) Affected: 4.3(2.230207) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2.230270) Affected: 4.1(3m) Affected: 4.1(2m) Affected: 4.3(2.240002) Affected: 4.3(3.240022) Affected: 4.2(3j) Affected: 4.1(3n) Affected: 4.3(2.240009) Affected: 4.3(3.240041) Affected: 4.2(3k) Affected: 4.3(3.240043) Affected: 4.3(4.240142) Affected: 4.3(2.240037) Affected: 4.3(2.240053) Affected: 4.3(4.240152) Affected: 4.2(3l) Affected: 4.3(2.240077) Affected: 4.3(4.242028) Affected: 4.3(4.241063) Affected: 4.3(4.242038) Affected: 4.2(3m) Affected: 4.3(2.240090) Affected: 4.3(5.240021) Affected: 4.3(2.240107) Affected: 4.3(4.242066) Affected: 4.2(3n) Affected: 4.3(5.250001) Affected: 4.2(3o) Affected: 4.3(2.250016) Affected: 4.3(2.250021) Affected: 4.3(5.250030) Affected: 4.3(2.250022) Affected: 4.3(6.250039) Affected: 4.3(6.250040) Affected: 4.3(5.250033) Affected: 4.3(6.250044) Affected: 4.3(6.250053) Affected: 4.3(2.250037) Affected: 4.3(2.250045) Affected: 4.3(4.252001) Affected: 4.3(4.252002) Affected: 6.0(1.250127) Affected: 4.2(3p) Affected: 6.0(1.250131) Affected: 4.3(6.250101) Affected: 6.0(1.250174) Affected: 4.3(6.250117) Affected: 4.3(5.250043) Affected: 4.3(5.250045) Affected: 4.3(6.250060) Affected: 6.0(1.250130) Affected: 4.3(4.241014) Affected: 4.3(2.250063) Affected: 6.0(1.250192) Affected: 4.3(6.260003) Affected: 6.0(1.250194)
Cisco	Cisco Unified Computing System E-Series Software (UCSE)	Affected: 3.2.7 Affected: 3.2.6 Affected: 3.2.4 Affected: 3.2.10 Affected: 3.2.2 Affected: 3.2.3 Affected: 2.4.0 Affected: 3.2.1 Affected: 3.2.11.1 Affected: 3.2.8 Affected: 3.1.1 Affected: 3.0.2 Affected: 2.1.0 Affected: 2.2.2 Affected: 3.1.2 Affected: 3.0.1 Affected: 2.3.2 Affected: 2.3.5 Affected: 2.2.1 Affected: 3.1.4 Affected: 2.4.1 Affected: 2.3.1 Affected: 3.1.3 Affected: 2.3.3 Affected: 2.4.2 Affected: 3.1.5 Affected: 3.1.0 Affected: 2.0.0 Affected: 3.2.11.3 Affected: 3.2.11.5 Affected: 3.2.12.2 Affected: 3.2.13.6 Affected: 3.2.14 Affected: 4.11.1 Affected: 3.2.15 Affected: 4.12.1 Affected: 3.2.15.3 Affected: 4.12.2 Affected: 3.2.16.1 Affected: 4.00 Affected: 4.15.2 Affected: 4.02

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20094",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-01T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-02T03:56:15.176Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Computing System (Standalone)",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "4.0(2g)"
            },
            {
              "status": "affected",
              "version": "3.1(2i)"
            },
            {
              "status": "affected",
              "version": "3.1(1d)"
            },
            {
              "status": "affected",
              "version": "4.0(4i)"
            },
            {
              "status": "affected",
              "version": "4.1(1c)"
            },
            {
              "status": "affected",
              "version": "4.0(2c)"
            },
            {
              "status": "affected",
              "version": "4.0(1e)"
            },
            {
              "status": "affected",
              "version": "4.0(2h)"
            },
            {
              "status": "affected",
              "version": "4.0(4h)"
            },
            {
              "status": "affected",
              "version": "4.0(1h)"
            },
            {
              "status": "affected",
              "version": "4.0(2l)"
            },
            {
              "status": "affected",
              "version": "3.1(3g)"
            },
            {
              "status": "affected",
              "version": "4.0(1.240)"
            },
            {
              "status": "affected",
              "version": "4.0(2f)"
            },
            {
              "status": "affected",
              "version": "4.0(1g)"
            },
            {
              "status": "affected",
              "version": "4.0(2i)"
            },
            {
              "status": "affected",
              "version": "3.1(3i)"
            },
            {
              "status": "affected",
              "version": "4.0(4d)"
            },
            {
              "status": "affected",
              "version": "4.1(1d)"
            },
            {
              "status": "affected",
              "version": "3.1(3c)"
            },
            {
              "status": "affected",
              "version": "4.0(4k)"
            },
            {
              "status": "affected",
              "version": "3.1(2d)"
            },
            {
              "status": "affected",
              "version": "3.1(3a)"
            },
            {
              "status": "affected",
              "version": "3.1(3j)"
            },
            {
              "status": "affected",
              "version": "4.0(2d)"
            },
            {
              "status": "affected",
              "version": "4.1(1f)"
            },
            {
              "status": "affected",
              "version": "4.0(4j)"
            },
            {
              "status": "affected",
              "version": "4.0(2m)"
            },
            {
              "status": "affected",
              "version": "4.0(2k)"
            },
            {
              "status": "affected",
              "version": "4.0(1c)"
            },
            {
              "status": "affected",
              "version": "4.0(4f)"
            },
            {
              "status": "affected",
              "version": "4.0(4c)"
            },
            {
              "status": "affected",
              "version": "3.1(3d)"
            },
            {
              "status": "affected",
              "version": "3.1(2g)"
            },
            {
              "status": "affected",
              "version": "3.1(2c)"
            },
            {
              "status": "affected",
              "version": "4.0(1d)"
            },
            {
              "status": "affected",
              "version": "3.1(2e)"
            },
            {
              "status": "affected",
              "version": "4.0(1a)"
            },
            {
              "status": "affected",
              "version": "4.0(1b)"
            },
            {
              "status": "affected",
              "version": "3.1(3b)"
            },
            {
              "status": "affected",
              "version": "4.0(4b)"
            },
            {
              "status": "affected",
              "version": "3.1(2b)"
            },
            {
              "status": "affected",
              "version": "4.0(4e)"
            },
            {
              "status": "affected",
              "version": "3.1(3h)"
            },
            {
              "status": "affected",
              "version": "4.0(4l)"
            },
            {
              "status": "affected",
              "version": "4.1(1g)"
            },
            {
              "status": "affected",
              "version": "4.1(2a)"
            },
            {
              "status": "affected",
              "version": "4.0(2n)"
            },
            {
              "status": "affected",
              "version": "4.1(1h)"
            },
            {
              "status": "affected",
              "version": "3.1(3k)"
            },
            {
              "status": "affected",
              "version": "4.1(2b)"
            },
            {
              "status": "affected",
              "version": "4.0(2o)"
            },
            {
              "status": "affected",
              "version": "4.0(4m)"
            },
            {
              "status": "affected",
              "version": "4.1(2d)"
            },
            {
              "status": "affected",
              "version": "4.1(3b)"
            },
            {
              "status": "affected",
              "version": "4.0(2p)"
            },
            {
              "status": "affected",
              "version": "4.1(2e)"
            },
            {
              "status": "affected",
              "version": "4.1(2f)"
            },
            {
              "status": "affected",
              "version": "4.0(4n)"
            },
            {
              "status": "affected",
              "version": "4.0(2q)"
            },
            {
              "status": "affected",
              "version": "4.1(3c)"
            },
            {
              "status": "affected",
              "version": "4.0(2r)"
            },
            {
              "status": "affected",
              "version": "4.1(3d)"
            },
            {
              "status": "affected",
              "version": "4.1(2g)"
            },
            {
              "status": "affected",
              "version": "4.1(2h)"
            },
            {
              "status": "affected",
              "version": "4.1(3g)"
            },
            {
              "status": "affected",
              "version": "4.1(3f)"
            },
            {
              "status": "affected",
              "version": "4.1(2j)"
            },
            {
              "status": "affected",
              "version": "4.1(2k)"
            },
            {
              "status": "affected",
              "version": "4.1(3h)"
            },
            {
              "status": "affected",
              "version": "4.2(2a)"
            },
            {
              "status": "affected",
              "version": "4.1(3i)"
            },
            {
              "status": "affected",
              "version": "4.2(2f)"
            },
            {
              "status": "affected",
              "version": "4.2(2g)"
            },
            {
              "status": "affected",
              "version": "4.2(3b)"
            },
            {
              "status": "affected",
              "version": "4.1(3l)"
            },
            {
              "status": "affected",
              "version": "4.2(3d)"
            },
            {
              "status": "affected",
              "version": "4.3(1.230097)"
            },
            {
              "status": "affected",
              "version": "4.2(1e)"
            },
            {
              "status": "affected",
              "version": "4.2(1b)"
            },
            {
              "status": "affected",
              "version": "4.2(1j)"
            },
            {
              "status": "affected",
              "version": "4.2(1i)"
            },
            {
              "status": "affected",
              "version": "4.2(1f)"
            },
            {
              "status": "affected",
              "version": "4.2(1a)"
            },
            {
              "status": "affected",
              "version": "4.2(1c)"
            },
            {
              "status": "affected",
              "version": "4.2(1g)"
            },
            {
              "status": "affected",
              "version": "4.3(1.230124)"
            },
            {
              "status": "affected",
              "version": "4.1(2l)"
            },
            {
              "status": "affected",
              "version": "4.2(3e)"
            },
            {
              "status": "affected",
              "version": "4.3(1.230138)"
            },
            {
              "status": "affected",
              "version": "4.2(3g)"
            },
            {
              "status": "affected",
              "version": "4.3(2.230207)"
            },
            {
              "status": "affected",
              "version": "4.2(3h)"
            },
            {
              "status": "affected",
              "version": "4.2(3i)"
            },
            {
              "status": "affected",
              "version": "4.3(2.230270)"
            },
            {
              "status": "affected",
              "version": "4.1(3m)"
            },
            {
              "status": "affected",
              "version": "4.1(2m)"
            },
            {
              "status": "affected",
              "version": "4.3(2.240002)"
            },
            {
              "status": "affected",
              "version": "4.3(3.240022)"
            },
            {
              "status": "affected",
              "version": "4.2(3j)"
            },
            {
              "status": "affected",
              "version": "4.1(3n)"
            },
            {
              "status": "affected",
              "version": "4.3(2.240009)"
            },
            {
              "status": "affected",
              "version": "4.3(3.240041)"
            },
            {
              "status": "affected",
              "version": "4.2(3k)"
            },
            {
              "status": "affected",
              "version": "4.3(3.240043)"
            },
            {
              "status": "affected",
              "version": "4.3(4.240142)"
            },
            {
              "status": "affected",
              "version": "4.3(2.240037)"
            },
            {
              "status": "affected",
              "version": "4.3(2.240053)"
            },
            {
              "status": "affected",
              "version": "4.3(4.240152)"
            },
            {
              "status": "affected",
              "version": "4.2(3l)"
            },
            {
              "status": "affected",
              "version": "4.3(2.240077)"
            },
            {
              "status": "affected",
              "version": "4.3(4.242028)"
            },
            {
              "status": "affected",
              "version": "4.3(4.241063)"
            },
            {
              "status": "affected",
              "version": "4.3(4.242038)"
            },
            {
              "status": "affected",
              "version": "4.2(3m)"
            },
            {
              "status": "affected",
              "version": "4.3(2.240090)"
            },
            {
              "status": "affected",
              "version": "4.3(5.240021)"
            },
            {
              "status": "affected",
              "version": "4.3(2.240107)"
            },
            {
              "status": "affected",
              "version": "4.3(4.242066)"
            },
            {
              "status": "affected",
              "version": "4.2(3n)"
            },
            {
              "status": "affected",
              "version": "4.3(5.250001)"
            },
            {
              "status": "affected",
              "version": "4.2(3o)"
            },
            {
              "status": "affected",
              "version": "4.3(2.250016)"
            },
            {
              "status": "affected",
              "version": "4.3(2.250021)"
            },
            {
              "status": "affected",
              "version": "4.3(5.250030)"
            },
            {
              "status": "affected",
              "version": "4.3(2.250022)"
            },
            {
              "status": "affected",
              "version": "4.3(6.250039)"
            },
            {
              "status": "affected",
              "version": "4.3(6.250040)"
            },
            {
              "status": "affected",
              "version": "4.3(5.250033)"
            },
            {
              "status": "affected",
              "version": "4.3(6.250044)"
            },
            {
              "status": "affected",
              "version": "4.3(6.250053)"
            },
            {
              "status": "affected",
              "version": "4.3(2.250037)"
            },
            {
              "status": "affected",
              "version": "4.3(2.250045)"
            },
            {
              "status": "affected",
              "version": "4.3(4.252001)"
            },
            {
              "status": "affected",
              "version": "4.3(4.252002)"
            },
            {
              "status": "affected",
              "version": "6.0(1.250127)"
            },
            {
              "status": "affected",
              "version": "4.2(3p)"
            },
            {
              "status": "affected",
              "version": "6.0(1.250131)"
            },
            {
              "status": "affected",
              "version": "4.3(6.250101)"
            },
            {
              "status": "affected",
              "version": "6.0(1.250174)"
            },
            {
              "status": "affected",
              "version": "4.3(6.250117)"
            },
            {
              "status": "affected",
              "version": "4.3(5.250043)"
            },
            {
              "status": "affected",
              "version": "4.3(5.250045)"
            },
            {
              "status": "affected",
              "version": "4.3(6.250060)"
            },
            {
              "status": "affected",
              "version": "6.0(1.250130)"
            },
            {
              "status": "affected",
              "version": "4.3(4.241014)"
            },
            {
              "status": "affected",
              "version": "4.3(2.250063)"
            },
            {
              "status": "affected",
              "version": "6.0(1.250192)"
            },
            {
              "status": "affected",
              "version": "4.3(6.260003)"
            },
            {
              "status": "affected",
              "version": "6.0(1.250194)"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Computing System E-Series Software (UCSE)",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "3.2.7"
            },
            {
              "status": "affected",
              "version": "3.2.6"
            },
            {
              "status": "affected",
              "version": "3.2.4"
            },
            {
              "status": "affected",
              "version": "3.2.10"
            },
            {
              "status": "affected",
              "version": "3.2.2"
            },
            {
              "status": "affected",
              "version": "3.2.3"
            },
            {
              "status": "affected",
              "version": "2.4.0"
            },
            {
              "status": "affected",
              "version": "3.2.1"
            },
            {
              "status": "affected",
              "version": "3.2.11.1"
            },
            {
              "status": "affected",
              "version": "3.2.8"
            },
            {
              "status": "affected",
              "version": "3.1.1"
            },
            {
              "status": "affected",
              "version": "3.0.2"
            },
            {
              "status": "affected",
              "version": "2.1.0"
            },
            {
              "status": "affected",
              "version": "2.2.2"
            },
            {
              "status": "affected",
              "version": "3.1.2"
            },
            {
              "status": "affected",
              "version": "3.0.1"
            },
            {
              "status": "affected",
              "version": "2.3.2"
            },
            {
              "status": "affected",
              "version": "2.3.5"
            },
            {
              "status": "affected",
              "version": "2.2.1"
            },
            {
              "status": "affected",
              "version": "3.1.4"
            },
            {
              "status": "affected",
              "version": "2.4.1"
            },
            {
              "status": "affected",
              "version": "2.3.1"
            },
            {
              "status": "affected",
              "version": "3.1.3"
            },
            {
              "status": "affected",
              "version": "2.3.3"
            },
            {
              "status": "affected",
              "version": "2.4.2"
            },
            {
              "status": "affected",
              "version": "3.1.5"
            },
            {
              "status": "affected",
              "version": "3.1.0"
            },
            {
              "status": "affected",
              "version": "2.0.0"
            },
            {
              "status": "affected",
              "version": "3.2.11.3"
            },
            {
              "status": "affected",
              "version": "3.2.11.5"
            },
            {
              "status": "affected",
              "version": "3.2.12.2"
            },
            {
              "status": "affected",
              "version": "3.2.13.6"
            },
            {
              "status": "affected",
              "version": "3.2.14"
            },
            {
              "status": "affected",
              "version": "4.11.1"
            },
            {
              "status": "affected",
              "version": "3.2.15"
            },
            {
              "status": "affected",
              "version": "4.12.1"
            },
            {
              "status": "affected",
              "version": "3.2.15.3"
            },
            {
              "status": "affected",
              "version": "4.12.2"
            },
            {
              "status": "affected",
              "version": "3.2.16.1"
            },
            {
              "status": "affected",
              "version": "4.00"
            },
            {
              "status": "affected",
              "version": "4.15.2"
            },
            {
              "status": "affected",
              "version": "4.02"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with read-only privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user.\r\n\r\nThis vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-22T19:09:45.612Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-cimc-cmd-inj-3hKN3bVt",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-3hKN3bVt"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cimc-cmd-inj-3hKN3bVt",
        "defects": [
          "CSCwr60021"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco Integrated Management Controller Command Injection Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20094",
    "datePublished": "2026-04-01T16:28:50.641Z",
    "dateReserved": "2025-10-08T11:59:15.369Z",
    "dateUpdated": "2026-04-22T19:09:45.612Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20095 (GCVE-0-2026-20095)

Vulnerability from cvelistv5 – Published: 2026-04-01 16:28 – Updated: 2026-04-22 19:09

Title

Cisco Integrated Management Controller Command Injection Vulnerability

Summary

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user. Cisco has assigned this vulnerability a Security Impact Rating (SIR) of High, rather than Medium as the score indicates, because additional security implications could occur once the attacker has become root.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Assigner

cisco

References

1 reference

URL	Tags
https://sec.cloudapps.cisco.com/security/center/c…

Impacted products

3 products

Vendor	Product	Version
Cisco	Cisco Enterprise NFV Infrastructure Software	Affected: 4.1.1 Affected: 3.9.1 Affected: 3.5.2 Affected: 3.12.2 Affected: 3.6.2 Affected: 3.9.2 Affected: 3.11.3 Affected: 3.11.1 Affected: 3.5.1 Affected: 3.3.1 Affected: 3.10.2 Affected: 3.12.1b Affected: 3.4.1 Affected: 3.12.1a Affected: 3.6.3 Affected: 3.8.1 Affected: 3.11.2 Affected: 3.12.1 Affected: 3.12.3 Affected: 3.10.1 Affected: 3.6.1 Affected: 3.10.3 Affected: 3.7.1 Affected: 4.1.2 Affected: 4.2.1 Affected: 4.2.2 Affected: 4.4.1 Affected: 4.4.2 Affected: 4.5.1 Affected: 4.4.3 Affected: 4.6.1 Affected: 4.7.1 Affected: 4.6.2-FC2 Affected: 4.6.2-FC3 Affected: 4.6.2 Affected: 4.8.1 Affected: 4.8.2 Affected: 4.9.1 Affected: 4.6.3 Affected: 4.9.2-FC5 Affected: 4.9.2 Affected: 4.10.1 Affected: 4.9.3 Affected: 4.11.1 Affected: 4.9.4 Affected: 4.12.1 Affected: 4.6.4 Affected: 4.12.2 Affected: 4.13.1 Affected: 4.9.4-ES8 Affected: 4.9.5 Affected: 4.12.3 Affected: 4.6.5-ES1 Affected: 4.9.4-ES9 Affected: 4.14.1 Affected: 4.6.3-FC4 Affected: 4.9.4-FC3 Affected: 4.12.4 Affected: 4.15.1 Affected: 4.9.6 Affected: 4.16.1 Affected: 4.15.2 Affected: 4.12.5 Affected: 4.15.3 Affected: 4.15.4 Affected: 4.18.1 Affected: 4.12.6 Affected: 4.18.2 Affected: 4.18.2a
Cisco	Cisco Unified Computing System (Standalone)	Affected: 4.0(2g) Affected: 3.1(2i) Affected: 3.1(1d) Affected: 4.0(4i) Affected: 4.1(1c) Affected: 4.0(2c) Affected: 4.0(1e) Affected: 4.0(2h) Affected: 4.0(4h) Affected: 4.0(1h) Affected: 4.0(2l) Affected: 3.1(3g) Affected: 4.0(1.240) Affected: 4.0(2f) Affected: 4.0(1g) Affected: 4.0(2i) Affected: 3.1(3i) Affected: 4.0(4d) Affected: 4.1(1d) Affected: 3.1(3c) Affected: 4.0(4k) Affected: 3.1(2d) Affected: 3.1(3a) Affected: 3.1(3j) Affected: 4.0(2d) Affected: 4.1(1f) Affected: 4.0(4j) Affected: 4.0(2m) Affected: 4.0(2k) Affected: 4.0(1c) Affected: 4.0(4f) Affected: 4.0(4c) Affected: 3.1(3d) Affected: 3.1(2g) Affected: 3.1(2c) Affected: 4.0(1d) Affected: 3.1(2e) Affected: 4.0(1a) Affected: 4.0(1b) Affected: 3.1(3b) Affected: 4.0(4b) Affected: 3.1(2b) Affected: 4.0(4e) Affected: 3.1(3h) Affected: 4.0(4l) Affected: 4.1(1g) Affected: 4.1(2a) Affected: 4.0(2n) Affected: 4.1(1h) Affected: 3.1(3k) Affected: 4.1(2b) Affected: 4.0(2o) Affected: 4.0(4m) Affected: 4.1(2d) Affected: 4.1(3b) Affected: 4.0(2p) Affected: 4.1(2e) Affected: 4.1(2f) Affected: 4.0(4n) Affected: 4.0(2q) Affected: 4.1(3c) Affected: 4.0(2r) Affected: 4.1(3d) Affected: 4.1(2g) Affected: 4.1(2h) Affected: 4.1(3g) Affected: 4.1(3f) Affected: 4.1(2j) Affected: 4.1(2k) Affected: 4.1(3h) Affected: 4.2(2a) Affected: 4.1(3i) Affected: 4.2(2f) Affected: 4.2(2g) Affected: 4.2(3b) Affected: 4.1(3l) Affected: 4.2(3d) Affected: 4.3(1.230097) Affected: 4.2(1e) Affected: 4.2(1b) Affected: 4.2(1j) Affected: 4.2(1i) Affected: 4.2(1f) Affected: 4.2(1a) Affected: 4.2(1c) Affected: 4.2(1g) Affected: 4.3(1.230124) Affected: 4.1(2l) Affected: 4.2(3e) Affected: 4.3(1.230138) Affected: 4.2(3g) Affected: 4.3(2.230207) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2.230270) Affected: 4.1(3m) Affected: 4.1(2m) Affected: 4.3(2.240002) Affected: 4.3(3.240022) Affected: 4.2(3j) Affected: 4.1(3n) Affected: 4.3(2.240009) Affected: 4.3(3.240041) Affected: 4.2(3k) Affected: 4.3(3.240043) Affected: 4.3(4.240142) Affected: 4.3(2.240037) Affected: 4.3(2.240053) Affected: 4.3(4.240152) Affected: 4.2(3l) Affected: 4.3(2.240077) Affected: 4.3(4.242028) Affected: 4.3(4.241063) Affected: 4.3(4.242038) Affected: 4.2(3m) Affected: 4.3(2.240090) Affected: 4.3(5.240021) Affected: 4.3(2.240107) Affected: 4.3(4.242066) Affected: 4.2(3n) Affected: 4.3(5.250001) Affected: 4.2(3o) Affected: 4.3(2.250016) Affected: 4.3(2.250021) Affected: 4.3(5.250030) Affected: 4.3(2.250022) Affected: 4.3(6.250039) Affected: 4.3(6.250040) Affected: 4.3(5.250033) Affected: 4.3(6.250044) Affected: 4.3(6.250053) Affected: 4.3(2.250037) Affected: 4.3(2.250045) Affected: 4.3(4.252001) Affected: 4.3(4.252002) Affected: 6.0(1.250127) Affected: 4.2(3p) Affected: 6.0(1.250131) Affected: 4.3(6.250101) Affected: 6.0(1.250174) Affected: 4.3(6.250117) Affected: 4.3(5.250043) Affected: 4.3(5.250045) Affected: 4.3(6.250060) Affected: 6.0(1.250130) Affected: 4.3(4.241014) Affected: 4.3(2.250063) Affected: 6.0(1.250192) Affected: 4.3(6.260003) Affected: 6.0(1.250194)
Cisco	Cisco Unified Computing System E-Series Software (UCSE)	Affected: 3.2.7 Affected: 3.2.6 Affected: 3.2.4 Affected: 3.2.10 Affected: 3.2.2 Affected: 3.2.3 Affected: 2.4.0 Affected: 3.2.1 Affected: 3.2.11.1 Affected: 3.2.8 Affected: 3.1.1 Affected: 3.0.2 Affected: 2.1.0 Affected: 2.2.2 Affected: 3.1.2 Affected: 3.0.1 Affected: 2.3.2 Affected: 2.3.5 Affected: 2.2.1 Affected: 3.1.4 Affected: 2.4.1 Affected: 2.3.1 Affected: 3.1.3 Affected: 2.3.3 Affected: 2.4.2 Affected: 3.1.5 Affected: 3.1.0 Affected: 2.0.0 Affected: 3.2.11.3 Affected: 3.2.11.5 Affected: 3.2.12.2 Affected: 3.2.13.6 Affected: 3.2.14 Affected: 4.11.1 Affected: 3.2.15 Affected: 4.12.1 Affected: 3.2.15.3 Affected: 4.12.2 Affected: 3.2.16.1 Affected: 4.00 Affected: 4.15.2 Affected: 4.02

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20095",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-01T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-02T03:56:14.022Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Enterprise NFV Infrastructure Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "4.1.1"
            },
            {
              "status": "affected",
              "version": "3.9.1"
            },
            {
              "status": "affected",
              "version": "3.5.2"
            },
            {
              "status": "affected",
              "version": "3.12.2"
            },
            {
              "status": "affected",
              "version": "3.6.2"
            },
            {
              "status": "affected",
              "version": "3.9.2"
            },
            {
              "status": "affected",
              "version": "3.11.3"
            },
            {
              "status": "affected",
              "version": "3.11.1"
            },
            {
              "status": "affected",
              "version": "3.5.1"
            },
            {
              "status": "affected",
              "version": "3.3.1"
            },
            {
              "status": "affected",
              "version": "3.10.2"
            },
            {
              "status": "affected",
              "version": "3.12.1b"
            },
            {
              "status": "affected",
              "version": "3.4.1"
            },
            {
              "status": "affected",
              "version": "3.12.1a"
            },
            {
              "status": "affected",
              "version": "3.6.3"
            },
            {
              "status": "affected",
              "version": "3.8.1"
            },
            {
              "status": "affected",
              "version": "3.11.2"
            },
            {
              "status": "affected",
              "version": "3.12.1"
            },
            {
              "status": "affected",
              "version": "3.12.3"
            },
            {
              "status": "affected",
              "version": "3.10.1"
            },
            {
              "status": "affected",
              "version": "3.6.1"
            },
            {
              "status": "affected",
              "version": "3.10.3"
            },
            {
              "status": "affected",
              "version": "3.7.1"
            },
            {
              "status": "affected",
              "version": "4.1.2"
            },
            {
              "status": "affected",
              "version": "4.2.1"
            },
            {
              "status": "affected",
              "version": "4.2.2"
            },
            {
              "status": "affected",
              "version": "4.4.1"
            },
            {
              "status": "affected",
              "version": "4.4.2"
            },
            {
              "status": "affected",
              "version": "4.5.1"
            },
            {
              "status": "affected",
              "version": "4.4.3"
            },
            {
              "status": "affected",
              "version": "4.6.1"
            },
            {
              "status": "affected",
              "version": "4.7.1"
            },
            {
              "status": "affected",
              "version": "4.6.2-FC2"
            },
            {
              "status": "affected",
              "version": "4.6.2-FC3"
            },
            {
              "status": "affected",
              "version": "4.6.2"
            },
            {
              "status": "affected",
              "version": "4.8.1"
            },
            {
              "status": "affected",
              "version": "4.8.2"
            },
            {
              "status": "affected",
              "version": "4.9.1"
            },
            {
              "status": "affected",
              "version": "4.6.3"
            },
            {
              "status": "affected",
              "version": "4.9.2-FC5"
            },
            {
              "status": "affected",
              "version": "4.9.2"
            },
            {
              "status": "affected",
              "version": "4.10.1"
            },
            {
              "status": "affected",
              "version": "4.9.3"
            },
            {
              "status": "affected",
              "version": "4.11.1"
            },
            {
              "status": "affected",
              "version": "4.9.4"
            },
            {
              "status": "affected",
              "version": "4.12.1"
            },
            {
              "status": "affected",
              "version": "4.6.4"
            },
            {
              "status": "affected",
              "version": "4.12.2"
            },
            {
              "status": "affected",
              "version": "4.13.1"
            },
            {
              "status": "affected",
              "version": "4.9.4-ES8"
            },
            {
              "status": "affected",
              "version": "4.9.5"
            },
            {
              "status": "affected",
              "version": "4.12.3"
            },
            {
              "status": "affected",
              "version": "4.6.5-ES1"
            },
            {
              "status": "affected",
              "version": "4.9.4-ES9"
            },
            {
              "status": "affected",
              "version": "4.14.1"
            },
            {
              "status": "affected",
              "version": "4.6.3-FC4"
            },
            {
              "status": "affected",
              "version": "4.9.4-FC3"
            },
            {
              "status": "affected",
              "version": "4.12.4"
            },
            {
              "status": "affected",
              "version": "4.15.1"
            },
            {
              "status": "affected",
              "version": "4.9.6"
            },
            {
              "status": "affected",
              "version": "4.16.1"
            },
            {
              "status": "affected",
              "version": "4.15.2"
            },
            {
              "status": "affected",
              "version": "4.12.5"
            },
            {
              "status": "affected",
              "version": "4.15.3"
            },
            {
              "status": "affected",
              "version": "4.15.4"
            },
            {
              "status": "affected",
              "version": "4.18.1"
            },
            {
              "status": "affected",
              "version": "4.12.6"
            },
            {
              "status": "affected",
              "version": "4.18.2"
            },
            {
              "status": "affected",
              "version": "4.18.2a"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Computing System (Standalone)",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "4.0(2g)"
            },
            {
              "status": "affected",
              "version": "3.1(2i)"
            },
            {
              "status": "affected",
              "version": "3.1(1d)"
            },
            {
              "status": "affected",
              "version": "4.0(4i)"
            },
            {
              "status": "affected",
              "version": "4.1(1c)"
            },
            {
              "status": "affected",
              "version": "4.0(2c)"
            },
            {
              "status": "affected",
              "version": "4.0(1e)"
            },
            {
              "status": "affected",
              "version": "4.0(2h)"
            },
            {
              "status": "affected",
              "version": "4.0(4h)"
            },
            {
              "status": "affected",
              "version": "4.0(1h)"
            },
            {
              "status": "affected",
              "version": "4.0(2l)"
            },
            {
              "status": "affected",
              "version": "3.1(3g)"
            },
            {
              "status": "affected",
              "version": "4.0(1.240)"
            },
            {
              "status": "affected",
              "version": "4.0(2f)"
            },
            {
              "status": "affected",
              "version": "4.0(1g)"
            },
            {
              "status": "affected",
              "version": "4.0(2i)"
            },
            {
              "status": "affected",
              "version": "3.1(3i)"
            },
            {
              "status": "affected",
              "version": "4.0(4d)"
            },
            {
              "status": "affected",
              "version": "4.1(1d)"
            },
            {
              "status": "affected",
              "version": "3.1(3c)"
            },
            {
              "status": "affected",
              "version": "4.0(4k)"
            },
            {
              "status": "affected",
              "version": "3.1(2d)"
            },
            {
              "status": "affected",
              "version": "3.1(3a)"
            },
            {
              "status": "affected",
              "version": "3.1(3j)"
            },
            {
              "status": "affected",
              "version": "4.0(2d)"
            },
            {
              "status": "affected",
              "version": "4.1(1f)"
            },
            {
              "status": "affected",
              "version": "4.0(4j)"
            },
            {
              "status": "affected",
              "version": "4.0(2m)"
            },
            {
              "status": "affected",
              "version": "4.0(2k)"
            },
            {
              "status": "affected",
              "version": "4.0(1c)"
            },
            {
              "status": "affected",
              "version": "4.0(4f)"
            },
            {
              "status": "affected",
              "version": "4.0(4c)"
            },
            {
              "status": "affected",
              "version": "3.1(3d)"
            },
            {
              "status": "affected",
              "version": "3.1(2g)"
            },
            {
              "status": "affected",
              "version": "3.1(2c)"
            },
            {
              "status": "affected",
              "version": "4.0(1d)"
            },
            {
              "status": "affected",
              "version": "3.1(2e)"
            },
            {
              "status": "affected",
              "version": "4.0(1a)"
            },
            {
              "status": "affected",
              "version": "4.0(1b)"
            },
            {
              "status": "affected",
              "version": "3.1(3b)"
            },
            {
              "status": "affected",
              "version": "4.0(4b)"
            },
            {
              "status": "affected",
              "version": "3.1(2b)"
            },
            {
              "status": "affected",
              "version": "4.0(4e)"
            },
            {
              "status": "affected",
              "version": "3.1(3h)"
            },
            {
              "status": "affected",
              "version": "4.0(4l)"
            },
            {
              "status": "affected",
              "version": "4.1(1g)"
            },
            {
              "status": "affected",
              "version": "4.1(2a)"
            },
            {
              "status": "affected",
              "version": "4.0(2n)"
            },
            {
              "status": "affected",
              "version": "4.1(1h)"
            },
            {
              "status": "affected",
              "version": "3.1(3k)"
            },
            {
              "status": "affected",
              "version": "4.1(2b)"
            },
            {
              "status": "affected",
              "version": "4.0(2o)"
            },
            {
              "status": "affected",
              "version": "4.0(4m)"
            },
            {
              "status": "affected",
              "version": "4.1(2d)"
            },
            {
              "status": "affected",
              "version": "4.1(3b)"
            },
            {
              "status": "affected",
              "version": "4.0(2p)"
            },
            {
              "status": "affected",
              "version": "4.1(2e)"
            },
            {
              "status": "affected",
              "version": "4.1(2f)"
            },
            {
              "status": "affected",
              "version": "4.0(4n)"
            },
            {
              "status": "affected",
              "version": "4.0(2q)"
            },
            {
              "status": "affected",
              "version": "4.1(3c)"
            },
            {
              "status": "affected",
              "version": "4.0(2r)"
            },
            {
              "status": "affected",
              "version": "4.1(3d)"
            },
            {
              "status": "affected",
              "version": "4.1(2g)"
            },
            {
              "status": "affected",
              "version": "4.1(2h)"
            },
            {
              "status": "affected",
              "version": "4.1(3g)"
            },
            {
              "status": "affected",
              "version": "4.1(3f)"
            },
            {
              "status": "affected",
              "version": "4.1(2j)"
            },
            {
              "status": "affected",
              "version": "4.1(2k)"
            },
            {
              "status": "affected",
              "version": "4.1(3h)"
            },
            {
              "status": "affected",
              "version": "4.2(2a)"
            },
            {
              "status": "affected",
              "version": "4.1(3i)"
            },
            {
              "status": "affected",
              "version": "4.2(2f)"
            },
            {
              "status": "affected",
              "version": "4.2(2g)"
            },
            {
              "status": "affected",
              "version": "4.2(3b)"
            },
            {
              "status": "affected",
              "version": "4.1(3l)"
            },
            {
              "status": "affected",
              "version": "4.2(3d)"
            },
            {
              "status": "affected",
              "version": "4.3(1.230097)"
            },
            {
              "status": "affected",
              "version": "4.2(1e)"
            },
            {
              "status": "affected",
              "version": "4.2(1b)"
            },
            {
              "status": "affected",
              "version": "4.2(1j)"
            },
            {
              "status": "affected",
              "version": "4.2(1i)"
            },
            {
              "status": "affected",
              "version": "4.2(1f)"
            },
            {
              "status": "affected",
              "version": "4.2(1a)"
            },
            {
              "status": "affected",
              "version": "4.2(1c)"
            },
            {
              "status": "affected",
              "version": "4.2(1g)"
            },
            {
              "status": "affected",
              "version": "4.3(1.230124)"
            },
            {
              "status": "affected",
              "version": "4.1(2l)"
            },
            {
              "status": "affected",
              "version": "4.2(3e)"
            },
            {
              "status": "affected",
              "version": "4.3(1.230138)"
            },
            {
              "status": "affected",
              "version": "4.2(3g)"
            },
            {
              "status": "affected",
              "version": "4.3(2.230207)"
            },
            {
              "status": "affected",
              "version": "4.2(3h)"
            },
            {
              "status": "affected",
              "version": "4.2(3i)"
            },
            {
              "status": "affected",
              "version": "4.3(2.230270)"
            },
            {
              "status": "affected",
              "version": "4.1(3m)"
            },
            {
              "status": "affected",
              "version": "4.1(2m)"
            },
            {
              "status": "affected",
              "version": "4.3(2.240002)"
            },
            {
              "status": "affected",
              "version": "4.3(3.240022)"
            },
            {
              "status": "affected",
              "version": "4.2(3j)"
            },
            {
              "status": "affected",
              "version": "4.1(3n)"
            },
            {
              "status": "affected",
              "version": "4.3(2.240009)"
            },
            {
              "status": "affected",
              "version": "4.3(3.240041)"
            },
            {
              "status": "affected",
              "version": "4.2(3k)"
            },
            {
              "status": "affected",
              "version": "4.3(3.240043)"
            },
            {
              "status": "affected",
              "version": "4.3(4.240142)"
            },
            {
              "status": "affected",
              "version": "4.3(2.240037)"
            },
            {
              "status": "affected",
              "version": "4.3(2.240053)"
            },
            {
              "status": "affected",
              "version": "4.3(4.240152)"
            },
            {
              "status": "affected",
              "version": "4.2(3l)"
            },
            {
              "status": "affected",
              "version": "4.3(2.240077)"
            },
            {
              "status": "affected",
              "version": "4.3(4.242028)"
            },
            {
              "status": "affected",
              "version": "4.3(4.241063)"
            },
            {
              "status": "affected",
              "version": "4.3(4.242038)"
            },
            {
              "status": "affected",
              "version": "4.2(3m)"
            },
            {
              "status": "affected",
              "version": "4.3(2.240090)"
            },
            {
              "status": "affected",
              "version": "4.3(5.240021)"
            },
            {
              "status": "affected",
              "version": "4.3(2.240107)"
            },
            {
              "status": "affected",
              "version": "4.3(4.242066)"
            },
            {
              "status": "affected",
              "version": "4.2(3n)"
            },
            {
              "status": "affected",
              "version": "4.3(5.250001)"
            },
            {
              "status": "affected",
              "version": "4.2(3o)"
            },
            {
              "status": "affected",
              "version": "4.3(2.250016)"
            },
            {
              "status": "affected",
              "version": "4.3(2.250021)"
            },
            {
              "status": "affected",
              "version": "4.3(5.250030)"
            },
            {
              "status": "affected",
              "version": "4.3(2.250022)"
            },
            {
              "status": "affected",
              "version": "4.3(6.250039)"
            },
            {
              "status": "affected",
              "version": "4.3(6.250040)"
            },
            {
              "status": "affected",
              "version": "4.3(5.250033)"
            },
            {
              "status": "affected",
              "version": "4.3(6.250044)"
            },
            {
              "status": "affected",
              "version": "4.3(6.250053)"
            },
            {
              "status": "affected",
              "version": "4.3(2.250037)"
            },
            {
              "status": "affected",
              "version": "4.3(2.250045)"
            },
            {
              "status": "affected",
              "version": "4.3(4.252001)"
            },
            {
              "status": "affected",
              "version": "4.3(4.252002)"
            },
            {
              "status": "affected",
              "version": "6.0(1.250127)"
            },
            {
              "status": "affected",
              "version": "4.2(3p)"
            },
            {
              "status": "affected",
              "version": "6.0(1.250131)"
            },
            {
              "status": "affected",
              "version": "4.3(6.250101)"
            },
            {
              "status": "affected",
              "version": "6.0(1.250174)"
            },
            {
              "status": "affected",
              "version": "4.3(6.250117)"
            },
            {
              "status": "affected",
              "version": "4.3(5.250043)"
            },
            {
              "status": "affected",
              "version": "4.3(5.250045)"
            },
            {
              "status": "affected",
              "version": "4.3(6.250060)"
            },
            {
              "status": "affected",
              "version": "6.0(1.250130)"
            },
            {
              "status": "affected",
              "version": "4.3(4.241014)"
            },
            {
              "status": "affected",
              "version": "4.3(2.250063)"
            },
            {
              "status": "affected",
              "version": "6.0(1.250192)"
            },
            {
              "status": "affected",
              "version": "4.3(6.260003)"
            },
            {
              "status": "affected",
              "version": "6.0(1.250194)"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Computing System E-Series Software (UCSE)",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "3.2.7"
            },
            {
              "status": "affected",
              "version": "3.2.6"
            },
            {
              "status": "affected",
              "version": "3.2.4"
            },
            {
              "status": "affected",
              "version": "3.2.10"
            },
            {
              "status": "affected",
              "version": "3.2.2"
            },
            {
              "status": "affected",
              "version": "3.2.3"
            },
            {
              "status": "affected",
              "version": "2.4.0"
            },
            {
              "status": "affected",
              "version": "3.2.1"
            },
            {
              "status": "affected",
              "version": "3.2.11.1"
            },
            {
              "status": "affected",
              "version": "3.2.8"
            },
            {
              "status": "affected",
              "version": "3.1.1"
            },
            {
              "status": "affected",
              "version": "3.0.2"
            },
            {
              "status": "affected",
              "version": "2.1.0"
            },
            {
              "status": "affected",
              "version": "2.2.2"
            },
            {
              "status": "affected",
              "version": "3.1.2"
            },
            {
              "status": "affected",
              "version": "3.0.1"
            },
            {
              "status": "affected",
              "version": "2.3.2"
            },
            {
              "status": "affected",
              "version": "2.3.5"
            },
            {
              "status": "affected",
              "version": "2.2.1"
            },
            {
              "status": "affected",
              "version": "3.1.4"
            },
            {
              "status": "affected",
              "version": "2.4.1"
            },
            {
              "status": "affected",
              "version": "2.3.1"
            },
            {
              "status": "affected",
              "version": "3.1.3"
            },
            {
              "status": "affected",
              "version": "2.3.3"
            },
            {
              "status": "affected",
              "version": "2.4.2"
            },
            {
              "status": "affected",
              "version": "3.1.5"
            },
            {
              "status": "affected",
              "version": "3.1.0"
            },
            {
              "status": "affected",
              "version": "2.0.0"
            },
            {
              "status": "affected",
              "version": "3.2.11.3"
            },
            {
              "status": "affected",
              "version": "3.2.11.5"
            },
            {
              "status": "affected",
              "version": "3.2.12.2"
            },
            {
              "status": "affected",
              "version": "3.2.13.6"
            },
            {
              "status": "affected",
              "version": "3.2.14"
            },
            {
              "status": "affected",
              "version": "4.11.1"
            },
            {
              "status": "affected",
              "version": "3.2.15"
            },
            {
              "status": "affected",
              "version": "4.12.1"
            },
            {
              "status": "affected",
              "version": "3.2.15.3"
            },
            {
              "status": "affected",
              "version": "4.12.2"
            },
            {
              "status": "affected",
              "version": "3.2.16.1"
            },
            {
              "status": "affected",
              "version": "4.00"
            },
            {
              "status": "affected",
              "version": "4.15.2"
            },
            {
              "status": "affected",
              "version": "4.02"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and\u0026nbsp;execute arbitrary commands as the root user.\r\n\r\nThis vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user. Cisco has assigned this vulnerability a Security Impact Rating (SIR) of High, rather than Medium as the score indicates, because additional security implications could occur once the attacker has become root."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-22T19:09:41.775Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-cimc-cmd-inj-3hKN3bVt",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-3hKN3bVt"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cimc-cmd-inj-3hKN3bVt",
        "defects": [
          "CSCwr60889"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco Integrated Management Controller Command Injection Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20095",
    "datePublished": "2026-04-01T16:28:47.898Z",
    "dateReserved": "2025-10-08T11:59:15.369Z",
    "dateUpdated": "2026-04-22T19:09:41.775Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20096 (GCVE-0-2026-20096)

Vulnerability from cvelistv5 – Published: 2026-04-01 16:29 – Updated: 2026-04-22 19:09

Title

Cisco Integrated Management Controller Command Injection Vulnerability

Summary

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user. Cisco has assigned this vulnerability a Security Impact Rating (SIR) of High, rather than Medium as the score indicates, because additional security implications could occur once the attacker has become root.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Assigner

cisco

References

1 reference

URL	Tags
https://sec.cloudapps.cisco.com/security/center/c…

Impacted products

3 products

Vendor	Product	Version
Cisco	Cisco Enterprise NFV Infrastructure Software	Affected: 4.1.1 Affected: 3.9.1 Affected: 3.5.2 Affected: 3.12.2 Affected: 3.6.2 Affected: 3.9.2 Affected: 3.11.3 Affected: 3.11.1 Affected: 3.5.1 Affected: 3.3.1 Affected: 3.10.2 Affected: 3.12.1b Affected: 3.4.1 Affected: 3.12.1a Affected: 3.6.3 Affected: 3.8.1 Affected: 3.11.2 Affected: 3.12.1 Affected: 3.12.3 Affected: 3.10.1 Affected: 3.6.1 Affected: 3.10.3 Affected: 3.7.1 Affected: 4.1.2 Affected: 4.2.1 Affected: 4.2.2 Affected: 4.4.1 Affected: 4.4.2 Affected: 4.5.1 Affected: 4.4.3 Affected: 4.6.1 Affected: 4.7.1 Affected: 4.6.2-FC2 Affected: 4.6.2-FC3 Affected: 4.6.2 Affected: 4.8.1 Affected: 4.8.2 Affected: 4.9.1 Affected: 4.6.3 Affected: 4.9.2-FC5 Affected: 4.9.2 Affected: 4.10.1 Affected: 4.9.3 Affected: 4.11.1 Affected: 4.9.4 Affected: 4.12.1 Affected: 4.6.4 Affected: 4.12.2 Affected: 4.13.1 Affected: 4.9.4-ES8 Affected: 4.9.5 Affected: 4.12.3 Affected: 4.6.5-ES1 Affected: 4.9.4-ES9 Affected: 4.14.1 Affected: 4.6.3-FC4 Affected: 4.9.4-FC3 Affected: 4.12.4 Affected: 4.15.1 Affected: 4.9.6 Affected: 4.16.1 Affected: 4.15.2 Affected: 4.12.5 Affected: 4.15.3 Affected: 4.15.4 Affected: 4.18.1 Affected: 4.12.6 Affected: 4.18.2 Affected: 4.18.2a
Cisco	Cisco Unified Computing System (Standalone)	Affected: 4.0(2g) Affected: 3.1(2i) Affected: 3.1(1d) Affected: 4.0(4i) Affected: 4.1(1c) Affected: 4.0(2c) Affected: 4.0(1e) Affected: 4.0(2h) Affected: 4.0(4h) Affected: 4.0(1h) Affected: 4.0(2l) Affected: 3.1(3g) Affected: 4.0(1.240) Affected: 4.0(2f) Affected: 4.0(1g) Affected: 4.0(2i) Affected: 3.1(3i) Affected: 4.0(4d) Affected: 4.1(1d) Affected: 3.1(3c) Affected: 4.0(4k) Affected: 3.1(2d) Affected: 3.1(3a) Affected: 3.1(3j) Affected: 4.0(2d) Affected: 4.1(1f) Affected: 4.0(4j) Affected: 4.0(2m) Affected: 4.0(2k) Affected: 4.0(1c) Affected: 4.0(4f) Affected: 4.0(4c) Affected: 3.1(3d) Affected: 3.1(2g) Affected: 3.1(2c) Affected: 4.0(1d) Affected: 3.1(2e) Affected: 4.0(1a) Affected: 4.0(1b) Affected: 3.1(3b) Affected: 4.0(4b) Affected: 3.1(2b) Affected: 4.0(4e) Affected: 3.1(3h) Affected: 4.0(4l) Affected: 4.1(1g) Affected: 4.1(2a) Affected: 4.0(2n) Affected: 4.1(1h) Affected: 3.1(3k) Affected: 4.1(2b) Affected: 4.0(2o) Affected: 4.0(4m) Affected: 4.1(2d) Affected: 4.1(3b) Affected: 4.0(2p) Affected: 4.1(2e) Affected: 4.1(2f) Affected: 4.0(4n) Affected: 4.0(2q) Affected: 4.1(3c) Affected: 4.0(2r) Affected: 4.1(3d) Affected: 4.1(2g) Affected: 4.1(2h) Affected: 4.1(3g) Affected: 4.1(3f) Affected: 4.1(2j) Affected: 4.1(2k) Affected: 4.1(3h) Affected: 4.2(2a) Affected: 4.1(3i) Affected: 4.2(2f) Affected: 4.2(2g) Affected: 4.2(3b) Affected: 4.1(3l) Affected: 4.2(3d) Affected: 4.3(1.230097) Affected: 4.2(1e) Affected: 4.2(1b) Affected: 4.2(1j) Affected: 4.2(1i) Affected: 4.2(1f) Affected: 4.2(1a) Affected: 4.2(1c) Affected: 4.2(1g) Affected: 4.3(1.230124) Affected: 4.1(2l) Affected: 4.2(3e) Affected: 4.3(1.230138) Affected: 4.2(3g) Affected: 4.3(2.230207) Affected: 4.2(3h) Affected: 4.2(3i) Affected: 4.3(2.230270) Affected: 4.1(3m) Affected: 4.1(2m) Affected: 4.3(2.240002) Affected: 4.3(3.240022) Affected: 4.2(3j) Affected: 4.1(3n) Affected: 4.3(2.240009) Affected: 4.3(3.240041) Affected: 4.2(3k) Affected: 4.3(3.240043) Affected: 4.3(4.240142) Affected: 4.3(2.240037) Affected: 4.3(2.240053) Affected: 4.3(4.240152) Affected: 4.2(3l) Affected: 4.3(2.240077) Affected: 4.3(4.242028) Affected: 4.3(4.241063) Affected: 4.3(4.242038) Affected: 4.2(3m) Affected: 4.3(2.240090) Affected: 4.3(5.240021) Affected: 4.3(2.240107) Affected: 4.3(4.242066) Affected: 4.2(3n) Affected: 4.3(5.250001) Affected: 4.2(3o) Affected: 4.3(2.250016) Affected: 4.3(2.250021) Affected: 4.3(5.250030) Affected: 4.3(2.250022) Affected: 4.3(6.250039) Affected: 4.3(6.250040) Affected: 4.3(5.250033) Affected: 4.3(6.250044) Affected: 4.3(6.250053) Affected: 4.3(2.250037) Affected: 4.3(2.250045) Affected: 4.3(4.252001) Affected: 4.3(4.252002) Affected: 6.0(1.250127) Affected: 4.2(3p) Affected: 6.0(1.250131) Affected: 4.3(6.250101) Affected: 6.0(1.250174) Affected: 4.3(6.250117) Affected: 4.3(5.250043) Affected: 4.3(5.250045) Affected: 4.3(6.250060) Affected: 6.0(1.250130) Affected: 4.3(4.241014) Affected: 4.3(2.250063) Affected: 6.0(1.250192) Affected: 4.3(6.260003) Affected: 6.0(1.250194)
Cisco	Cisco Unified Computing System E-Series Software (UCSE)	Affected: 3.2.7 Affected: 3.2.6 Affected: 3.2.4 Affected: 3.2.10 Affected: 3.2.2 Affected: 3.2.3 Affected: 2.4.0 Affected: 3.2.1 Affected: 3.2.11.1 Affected: 3.2.8 Affected: 3.1.1 Affected: 3.0.2 Affected: 2.1.0 Affected: 2.2.2 Affected: 3.1.2 Affected: 3.0.1 Affected: 2.3.2 Affected: 2.3.5 Affected: 2.2.1 Affected: 3.1.4 Affected: 2.4.1 Affected: 2.3.1 Affected: 3.1.3 Affected: 2.3.3 Affected: 2.4.2 Affected: 3.1.5 Affected: 3.1.0 Affected: 2.0.0 Affected: 3.2.11.3 Affected: 3.2.11.5 Affected: 3.2.12.2 Affected: 3.2.13.6 Affected: 3.2.14 Affected: 4.11.1 Affected: 3.2.15 Affected: 4.12.1 Affected: 3.2.15.3 Affected: 4.12.2 Affected: 3.2.16.1 Affected: 4.00 Affected: 4.15.2 Affected: 4.02

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20096",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-01T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-02T03:56:17.375Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Enterprise NFV Infrastructure Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "4.1.1"
            },
            {
              "status": "affected",
              "version": "3.9.1"
            },
            {
              "status": "affected",
              "version": "3.5.2"
            },
            {
              "status": "affected",
              "version": "3.12.2"
            },
            {
              "status": "affected",
              "version": "3.6.2"
            },
            {
              "status": "affected",
              "version": "3.9.2"
            },
            {
              "status": "affected",
              "version": "3.11.3"
            },
            {
              "status": "affected",
              "version": "3.11.1"
            },
            {
              "status": "affected",
              "version": "3.5.1"
            },
            {
              "status": "affected",
              "version": "3.3.1"
            },
            {
              "status": "affected",
              "version": "3.10.2"
            },
            {
              "status": "affected",
              "version": "3.12.1b"
            },
            {
              "status": "affected",
              "version": "3.4.1"
            },
            {
              "status": "affected",
              "version": "3.12.1a"
            },
            {
              "status": "affected",
              "version": "3.6.3"
            },
            {
              "status": "affected",
              "version": "3.8.1"
            },
            {
              "status": "affected",
              "version": "3.11.2"
            },
            {
              "status": "affected",
              "version": "3.12.1"
            },
            {
              "status": "affected",
              "version": "3.12.3"
            },
            {
              "status": "affected",
              "version": "3.10.1"
            },
            {
              "status": "affected",
              "version": "3.6.1"
            },
            {
              "status": "affected",
              "version": "3.10.3"
            },
            {
              "status": "affected",
              "version": "3.7.1"
            },
            {
              "status": "affected",
              "version": "4.1.2"
            },
            {
              "status": "affected",
              "version": "4.2.1"
            },
            {
              "status": "affected",
              "version": "4.2.2"
            },
            {
              "status": "affected",
              "version": "4.4.1"
            },
            {
              "status": "affected",
              "version": "4.4.2"
            },
            {
              "status": "affected",
              "version": "4.5.1"
            },
            {
              "status": "affected",
              "version": "4.4.3"
            },
            {
              "status": "affected",
              "version": "4.6.1"
            },
            {
              "status": "affected",
              "version": "4.7.1"
            },
            {
              "status": "affected",
              "version": "4.6.2-FC2"
            },
            {
              "status": "affected",
              "version": "4.6.2-FC3"
            },
            {
              "status": "affected",
              "version": "4.6.2"
            },
            {
              "status": "affected",
              "version": "4.8.1"
            },
            {
              "status": "affected",
              "version": "4.8.2"
            },
            {
              "status": "affected",
              "version": "4.9.1"
            },
            {
              "status": "affected",
              "version": "4.6.3"
            },
            {
              "status": "affected",
              "version": "4.9.2-FC5"
            },
            {
              "status": "affected",
              "version": "4.9.2"
            },
            {
              "status": "affected",
              "version": "4.10.1"
            },
            {
              "status": "affected",
              "version": "4.9.3"
            },
            {
              "status": "affected",
              "version": "4.11.1"
            },
            {
              "status": "affected",
              "version": "4.9.4"
            },
            {
              "status": "affected",
              "version": "4.12.1"
            },
            {
              "status": "affected",
              "version": "4.6.4"
            },
            {
              "status": "affected",
              "version": "4.12.2"
            },
            {
              "status": "affected",
              "version": "4.13.1"
            },
            {
              "status": "affected",
              "version": "4.9.4-ES8"
            },
            {
              "status": "affected",
              "version": "4.9.5"
            },
            {
              "status": "affected",
              "version": "4.12.3"
            },
            {
              "status": "affected",
              "version": "4.6.5-ES1"
            },
            {
              "status": "affected",
              "version": "4.9.4-ES9"
            },
            {
              "status": "affected",
              "version": "4.14.1"
            },
            {
              "status": "affected",
              "version": "4.6.3-FC4"
            },
            {
              "status": "affected",
              "version": "4.9.4-FC3"
            },
            {
              "status": "affected",
              "version": "4.12.4"
            },
            {
              "status": "affected",
              "version": "4.15.1"
            },
            {
              "status": "affected",
              "version": "4.9.6"
            },
            {
              "status": "affected",
              "version": "4.16.1"
            },
            {
              "status": "affected",
              "version": "4.15.2"
            },
            {
              "status": "affected",
              "version": "4.12.5"
            },
            {
              "status": "affected",
              "version": "4.15.3"
            },
            {
              "status": "affected",
              "version": "4.15.4"
            },
            {
              "status": "affected",
              "version": "4.18.1"
            },
            {
              "status": "affected",
              "version": "4.12.6"
            },
            {
              "status": "affected",
              "version": "4.18.2"
            },
            {
              "status": "affected",
              "version": "4.18.2a"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Computing System (Standalone)",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "4.0(2g)"
            },
            {
              "status": "affected",
              "version": "3.1(2i)"
            },
            {
              "status": "affected",
              "version": "3.1(1d)"
            },
            {
              "status": "affected",
              "version": "4.0(4i)"
            },
            {
              "status": "affected",
              "version": "4.1(1c)"
            },
            {
              "status": "affected",
              "version": "4.0(2c)"
            },
            {
              "status": "affected",
              "version": "4.0(1e)"
            },
            {
              "status": "affected",
              "version": "4.0(2h)"
            },
            {
              "status": "affected",
              "version": "4.0(4h)"
            },
            {
              "status": "affected",
              "version": "4.0(1h)"
            },
            {
              "status": "affected",
              "version": "4.0(2l)"
            },
            {
              "status": "affected",
              "version": "3.1(3g)"
            },
            {
              "status": "affected",
              "version": "4.0(1.240)"
            },
            {
              "status": "affected",
              "version": "4.0(2f)"
            },
            {
              "status": "affected",
              "version": "4.0(1g)"
            },
            {
              "status": "affected",
              "version": "4.0(2i)"
            },
            {
              "status": "affected",
              "version": "3.1(3i)"
            },
            {
              "status": "affected",
              "version": "4.0(4d)"
            },
            {
              "status": "affected",
              "version": "4.1(1d)"
            },
            {
              "status": "affected",
              "version": "3.1(3c)"
            },
            {
              "status": "affected",
              "version": "4.0(4k)"
            },
            {
              "status": "affected",
              "version": "3.1(2d)"
            },
            {
              "status": "affected",
              "version": "3.1(3a)"
            },
            {
              "status": "affected",
              "version": "3.1(3j)"
            },
            {
              "status": "affected",
              "version": "4.0(2d)"
            },
            {
              "status": "affected",
              "version": "4.1(1f)"
            },
            {
              "status": "affected",
              "version": "4.0(4j)"
            },
            {
              "status": "affected",
              "version": "4.0(2m)"
            },
            {
              "status": "affected",
              "version": "4.0(2k)"
            },
            {
              "status": "affected",
              "version": "4.0(1c)"
            },
            {
              "status": "affected",
              "version": "4.0(4f)"
            },
            {
              "status": "affected",
              "version": "4.0(4c)"
            },
            {
              "status": "affected",
              "version": "3.1(3d)"
            },
            {
              "status": "affected",
              "version": "3.1(2g)"
            },
            {
              "status": "affected",
              "version": "3.1(2c)"
            },
            {
              "status": "affected",
              "version": "4.0(1d)"
            },
            {
              "status": "affected",
              "version": "3.1(2e)"
            },
            {
              "status": "affected",
              "version": "4.0(1a)"
            },
            {
              "status": "affected",
              "version": "4.0(1b)"
            },
            {
              "status": "affected",
              "version": "3.1(3b)"
            },
            {
              "status": "affected",
              "version": "4.0(4b)"
            },
            {
              "status": "affected",
              "version": "3.1(2b)"
            },
            {
              "status": "affected",
              "version": "4.0(4e)"
            },
            {
              "status": "affected",
              "version": "3.1(3h)"
            },
            {
              "status": "affected",
              "version": "4.0(4l)"
            },
            {
              "status": "affected",
              "version": "4.1(1g)"
            },
            {
              "status": "affected",
              "version": "4.1(2a)"
            },
            {
              "status": "affected",
              "version": "4.0(2n)"
            },
            {
              "status": "affected",
              "version": "4.1(1h)"
            },
            {
              "status": "affected",
              "version": "3.1(3k)"
            },
            {
              "status": "affected",
              "version": "4.1(2b)"
            },
            {
              "status": "affected",
              "version": "4.0(2o)"
            },
            {
              "status": "affected",
              "version": "4.0(4m)"
            },
            {
              "status": "affected",
              "version": "4.1(2d)"
            },
            {
              "status": "affected",
              "version": "4.1(3b)"
            },
            {
              "status": "affected",
              "version": "4.0(2p)"
            },
            {
              "status": "affected",
              "version": "4.1(2e)"
            },
            {
              "status": "affected",
              "version": "4.1(2f)"
            },
            {
              "status": "affected",
              "version": "4.0(4n)"
            },
            {
              "status": "affected",
              "version": "4.0(2q)"
            },
            {
              "status": "affected",
              "version": "4.1(3c)"
            },
            {
              "status": "affected",
              "version": "4.0(2r)"
            },
            {
              "status": "affected",
              "version": "4.1(3d)"
            },
            {
              "status": "affected",
              "version": "4.1(2g)"
            },
            {
              "status": "affected",
              "version": "4.1(2h)"
            },
            {
              "status": "affected",
              "version": "4.1(3g)"
            },
            {
              "status": "affected",
              "version": "4.1(3f)"
            },
            {
              "status": "affected",
              "version": "4.1(2j)"
            },
            {
              "status": "affected",
              "version": "4.1(2k)"
            },
            {
              "status": "affected",
              "version": "4.1(3h)"
            },
            {
              "status": "affected",
              "version": "4.2(2a)"
            },
            {
              "status": "affected",
              "version": "4.1(3i)"
            },
            {
              "status": "affected",
              "version": "4.2(2f)"
            },
            {
              "status": "affected",
              "version": "4.2(2g)"
            },
            {
              "status": "affected",
              "version": "4.2(3b)"
            },
            {
              "status": "affected",
              "version": "4.1(3l)"
            },
            {
              "status": "affected",
              "version": "4.2(3d)"
            },
            {
              "status": "affected",
              "version": "4.3(1.230097)"
            },
            {
              "status": "affected",
              "version": "4.2(1e)"
            },
            {
              "status": "affected",
              "version": "4.2(1b)"
            },
            {
              "status": "affected",
              "version": "4.2(1j)"
            },
            {
              "status": "affected",
              "version": "4.2(1i)"
            },
            {
              "status": "affected",
              "version": "4.2(1f)"
            },
            {
              "status": "affected",
              "version": "4.2(1a)"
            },
            {
              "status": "affected",
              "version": "4.2(1c)"
            },
            {
              "status": "affected",
              "version": "4.2(1g)"
            },
            {
              "status": "affected",
              "version": "4.3(1.230124)"
            },
            {
              "status": "affected",
              "version": "4.1(2l)"
            },
            {
              "status": "affected",
              "version": "4.2(3e)"
            },
            {
              "status": "affected",
              "version": "4.3(1.230138)"
            },
            {
              "status": "affected",
              "version": "4.2(3g)"
            },
            {
              "status": "affected",
              "version": "4.3(2.230207)"
            },
            {
              "status": "affected",
              "version": "4.2(3h)"
            },
            {
              "status": "affected",
              "version": "4.2(3i)"
            },
            {
              "status": "affected",
              "version": "4.3(2.230270)"
            },
            {
              "status": "affected",
              "version": "4.1(3m)"
            },
            {
              "status": "affected",
              "version": "4.1(2m)"
            },
            {
              "status": "affected",
              "version": "4.3(2.240002)"
            },
            {
              "status": "affected",
              "version": "4.3(3.240022)"
            },
            {
              "status": "affected",
              "version": "4.2(3j)"
            },
            {
              "status": "affected",
              "version": "4.1(3n)"
            },
            {
              "status": "affected",
              "version": "4.3(2.240009)"
            },
            {
              "status": "affected",
              "version": "4.3(3.240041)"
            },
            {
              "status": "affected",
              "version": "4.2(3k)"
            },
            {
              "status": "affected",
              "version": "4.3(3.240043)"
            },
            {
              "status": "affected",
              "version": "4.3(4.240142)"
            },
            {
              "status": "affected",
              "version": "4.3(2.240037)"
            },
            {
              "status": "affected",
              "version": "4.3(2.240053)"
            },
            {
              "status": "affected",
              "version": "4.3(4.240152)"
            },
            {
              "status": "affected",
              "version": "4.2(3l)"
            },
            {
              "status": "affected",
              "version": "4.3(2.240077)"
            },
            {
              "status": "affected",
              "version": "4.3(4.242028)"
            },
            {
              "status": "affected",
              "version": "4.3(4.241063)"
            },
            {
              "status": "affected",
              "version": "4.3(4.242038)"
            },
            {
              "status": "affected",
              "version": "4.2(3m)"
            },
            {
              "status": "affected",
              "version": "4.3(2.240090)"
            },
            {
              "status": "affected",
              "version": "4.3(5.240021)"
            },
            {
              "status": "affected",
              "version": "4.3(2.240107)"
            },
            {
              "status": "affected",
              "version": "4.3(4.242066)"
            },
            {
              "status": "affected",
              "version": "4.2(3n)"
            },
            {
              "status": "affected",
              "version": "4.3(5.250001)"
            },
            {
              "status": "affected",
              "version": "4.2(3o)"
            },
            {
              "status": "affected",
              "version": "4.3(2.250016)"
            },
            {
              "status": "affected",
              "version": "4.3(2.250021)"
            },
            {
              "status": "affected",
              "version": "4.3(5.250030)"
            },
            {
              "status": "affected",
              "version": "4.3(2.250022)"
            },
            {
              "status": "affected",
              "version": "4.3(6.250039)"
            },
            {
              "status": "affected",
              "version": "4.3(6.250040)"
            },
            {
              "status": "affected",
              "version": "4.3(5.250033)"
            },
            {
              "status": "affected",
              "version": "4.3(6.250044)"
            },
            {
              "status": "affected",
              "version": "4.3(6.250053)"
            },
            {
              "status": "affected",
              "version": "4.3(2.250037)"
            },
            {
              "status": "affected",
              "version": "4.3(2.250045)"
            },
            {
              "status": "affected",
              "version": "4.3(4.252001)"
            },
            {
              "status": "affected",
              "version": "4.3(4.252002)"
            },
            {
              "status": "affected",
              "version": "6.0(1.250127)"
            },
            {
              "status": "affected",
              "version": "4.2(3p)"
            },
            {
              "status": "affected",
              "version": "6.0(1.250131)"
            },
            {
              "status": "affected",
              "version": "4.3(6.250101)"
            },
            {
              "status": "affected",
              "version": "6.0(1.250174)"
            },
            {
              "status": "affected",
              "version": "4.3(6.250117)"
            },
            {
              "status": "affected",
              "version": "4.3(5.250043)"
            },
            {
              "status": "affected",
              "version": "4.3(5.250045)"
            },
            {
              "status": "affected",
              "version": "4.3(6.250060)"
            },
            {
              "status": "affected",
              "version": "6.0(1.250130)"
            },
            {
              "status": "affected",
              "version": "4.3(4.241014)"
            },
            {
              "status": "affected",
              "version": "4.3(2.250063)"
            },
            {
              "status": "affected",
              "version": "6.0(1.250192)"
            },
            {
              "status": "affected",
              "version": "4.3(6.260003)"
            },
            {
              "status": "affected",
              "version": "6.0(1.250194)"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Computing System E-Series Software (UCSE)",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "3.2.7"
            },
            {
              "status": "affected",
              "version": "3.2.6"
            },
            {
              "status": "affected",
              "version": "3.2.4"
            },
            {
              "status": "affected",
              "version": "3.2.10"
            },
            {
              "status": "affected",
              "version": "3.2.2"
            },
            {
              "status": "affected",
              "version": "3.2.3"
            },
            {
              "status": "affected",
              "version": "2.4.0"
            },
            {
              "status": "affected",
              "version": "3.2.1"
            },
            {
              "status": "affected",
              "version": "3.2.11.1"
            },
            {
              "status": "affected",
              "version": "3.2.8"
            },
            {
              "status": "affected",
              "version": "3.1.1"
            },
            {
              "status": "affected",
              "version": "3.0.2"
            },
            {
              "status": "affected",
              "version": "2.1.0"
            },
            {
              "status": "affected",
              "version": "2.2.2"
            },
            {
              "status": "affected",
              "version": "3.1.2"
            },
            {
              "status": "affected",
              "version": "3.0.1"
            },
            {
              "status": "affected",
              "version": "2.3.2"
            },
            {
              "status": "affected",
              "version": "2.3.5"
            },
            {
              "status": "affected",
              "version": "2.2.1"
            },
            {
              "status": "affected",
              "version": "3.1.4"
            },
            {
              "status": "affected",
              "version": "2.4.1"
            },
            {
              "status": "affected",
              "version": "2.3.1"
            },
            {
              "status": "affected",
              "version": "3.1.3"
            },
            {
              "status": "affected",
              "version": "2.3.3"
            },
            {
              "status": "affected",
              "version": "2.4.2"
            },
            {
              "status": "affected",
              "version": "3.1.5"
            },
            {
              "status": "affected",
              "version": "3.1.0"
            },
            {
              "status": "affected",
              "version": "2.0.0"
            },
            {
              "status": "affected",
              "version": "3.2.11.3"
            },
            {
              "status": "affected",
              "version": "3.2.11.5"
            },
            {
              "status": "affected",
              "version": "3.2.12.2"
            },
            {
              "status": "affected",
              "version": "3.2.13.6"
            },
            {
              "status": "affected",
              "version": "3.2.14"
            },
            {
              "status": "affected",
              "version": "4.11.1"
            },
            {
              "status": "affected",
              "version": "3.2.15"
            },
            {
              "status": "affected",
              "version": "4.12.1"
            },
            {
              "status": "affected",
              "version": "3.2.15.3"
            },
            {
              "status": "affected",
              "version": "4.12.2"
            },
            {
              "status": "affected",
              "version": "3.2.16.1"
            },
            {
              "status": "affected",
              "version": "4.00"
            },
            {
              "status": "affected",
              "version": "4.15.2"
            },
            {
              "status": "affected",
              "version": "4.02"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and\u0026nbsp;execute arbitrary commands as the root user.\r\n\r\nThis vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user. Cisco has assigned this vulnerability a Security Impact Rating (SIR) of High, rather than Medium as the score indicates, because additional security implications could occur once the attacker has become root."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-22T19:09:33.637Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-cimc-cmd-inj-3hKN3bVt",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-3hKN3bVt"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cimc-cmd-inj-3hKN3bVt",
        "defects": [
          "CSCwr60894"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco Integrated Management Controller Command Injection Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20096",
    "datePublished": "2026-04-01T16:29:03.545Z",
    "dateReserved": "2025-10-08T11:59:15.369Z",
    "dateUpdated": "2026-04-22T19:09:33.637Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20147 (GCVE-0-2026-20147)

Vulnerability from cvelistv5 – Published: 2026-04-15 16:03 – Updated: 2026-04-16 03:55

Title

Cisco Identity Services Engine Remote Code Execution Vulnerability

Summary

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.

Severity

9.9 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Assigner

cisco

References

1 reference

URL	Tags
https://sec.cloudapps.cisco.com/security/center/c…

Impacted products

2 products

Vendor	Product	Version
Cisco	Cisco Identity Services Engine Software	Affected: 3.1.0 Affected: 3.1.0 p1 Affected: 3.1.0 p3 Affected: 3.1.0 p2 Affected: 3.2.0 Affected: 3.1.0 p4 Affected: 3.1.0 p5 Affected: 3.2.0 p1 Affected: 3.1.0 p6 Affected: 3.2.0 p2 Affected: 3.1.0 p7 Affected: 3.3.0 Affected: 3.2.0 p3 Affected: 3.2.0 p4 Affected: 3.1.0 p8 Affected: 3.2.0 p5 Affected: 3.2.0 p6 Affected: 3.1.0 p9 Affected: 3.3 Patch 2 Affected: 3.3 Patch 1 Affected: 3.3 Patch 3 Affected: 3.4.0 Affected: 3.2.0 p7 Affected: 3.3 Patch 4 Affected: 3.4 Patch 1 Affected: 3.1.0 p10 Affected: 3.3 Patch 5 Affected: 3.3 Patch 6 Affected: 3.4 Patch 2 Affected: 3.3 Patch 7 Affected: 3.4 Patch 3 Affected: 3.5.0 Affected: 3.4 Patch 4 Affected: 3.3 Patch 8 Affected: 3.2 Patch 8 Affected: 3.5 Patch 1 Affected: 3.3 Patch 9 Affected: 3.2 Patch 9 Affected: 3.4 Patch 5 Affected: 3.5 Patch 2
Cisco	Cisco ISE Passive Identity Connector	Affected: 3.2.0 Affected: 3.1.0 Affected: 3.3.0 Affected: 3.4.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20147",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-15T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-16T03:55:35.113Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Identity Services Engine Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "3.1.0"
            },
            {
              "status": "affected",
              "version": "3.1.0 p1"
            },
            {
              "status": "affected",
              "version": "3.1.0 p3"
            },
            {
              "status": "affected",
              "version": "3.1.0 p2"
            },
            {
              "status": "affected",
              "version": "3.2.0"
            },
            {
              "status": "affected",
              "version": "3.1.0 p4"
            },
            {
              "status": "affected",
              "version": "3.1.0 p5"
            },
            {
              "status": "affected",
              "version": "3.2.0 p1"
            },
            {
              "status": "affected",
              "version": "3.1.0 p6"
            },
            {
              "status": "affected",
              "version": "3.2.0 p2"
            },
            {
              "status": "affected",
              "version": "3.1.0 p7"
            },
            {
              "status": "affected",
              "version": "3.3.0"
            },
            {
              "status": "affected",
              "version": "3.2.0 p3"
            },
            {
              "status": "affected",
              "version": "3.2.0 p4"
            },
            {
              "status": "affected",
              "version": "3.1.0 p8"
            },
            {
              "status": "affected",
              "version": "3.2.0 p5"
            },
            {
              "status": "affected",
              "version": "3.2.0 p6"
            },
            {
              "status": "affected",
              "version": "3.1.0 p9"
            },
            {
              "status": "affected",
              "version": "3.3 Patch 2"
            },
            {
              "status": "affected",
              "version": "3.3 Patch 1"
            },
            {
              "status": "affected",
              "version": "3.3 Patch 3"
            },
            {
              "status": "affected",
              "version": "3.4.0"
            },
            {
              "status": "affected",
              "version": "3.2.0 p7"
            },
            {
              "status": "affected",
              "version": "3.3 Patch 4"
            },
            {
              "status": "affected",
              "version": "3.4 Patch 1"
            },
            {
              "status": "affected",
              "version": "3.1.0 p10"
            },
            {
              "status": "affected",
              "version": "3.3 Patch 5"
            },
            {
              "status": "affected",
              "version": "3.3 Patch 6"
            },
            {
              "status": "affected",
              "version": "3.4 Patch 2"
            },
            {
              "status": "affected",
              "version": "3.3 Patch 7"
            },
            {
              "status": "affected",
              "version": "3.4 Patch 3"
            },
            {
              "status": "affected",
              "version": "3.5.0"
            },
            {
              "status": "affected",
              "version": "3.4 Patch 4"
            },
            {
              "status": "affected",
              "version": "3.3 Patch 8"
            },
            {
              "status": "affected",
              "version": "3.2 Patch 8"
            },
            {
              "status": "affected",
              "version": "3.5 Patch 1"
            },
            {
              "status": "affected",
              "version": "3.3 Patch 9"
            },
            {
              "status": "affected",
              "version": "3.2 Patch 9"
            },
            {
              "status": "affected",
              "version": "3.4 Patch 5"
            },
            {
              "status": "affected",
              "version": "3.5 Patch 2"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco ISE Passive Identity Connector",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "3.2.0"
            },
            {
              "status": "affected",
              "version": "3.1.0"
            },
            {
              "status": "affected",
              "version": "3.3.0"
            },
            {
              "status": "affected",
              "version": "3.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-15T16:03:25.648Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ise-rce-traversal-8bYndVrZ",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ise-rce-traversal-8bYndVrZ",
        "defects": [
          "CSCws52738"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco Identity Services Engine Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20147",
    "datePublished": "2026-04-15T16:03:25.648Z",
    "dateReserved": "2025-10-08T11:59:15.385Z",
    "dateUpdated": "2026-04-16T03:55:35.113Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20163 (GCVE-0-2026-20163)

Vulnerability from cvelistv5 – Published: 2026-03-11 16:18 – Updated: 2026-03-12 13:23

Title

Remote Command Execution (RCE) through the '/splunkd/__upload/indexing/preview' REST endpoint in Splunk Enterprise

Summary

In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role that contains the high-privilege capability `edit_cmd` could execute arbitrary shell commands using the `unarchive_cmd` parameter for the `/splunkd/__upload/indexing/preview` REST endpoint.

Severity

8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-77 - The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

Assigner

cisco

References

1 reference

URL	Tags
https://advisory.splunk.com/advisories/SVD-2026-0302

Impacted products

2 products

Vendor	Product	Version
Splunk	Splunk Enterprise	Affected: 10.0 , < 10.0.4 (custom) Affected: 9.4 , < 9.4.9 (custom) Affected: 9.3 , < 9.3.10 (custom)
Splunk	Splunk Cloud Platform	Affected: 10.2.2510 , < 10.2.2510.5 (custom) Affected: 10.0.2503 , < 10.0.2503.12 (custom) Affected: 10.1.2507 , < 10.1.2507.16 (custom) Affected: 9.3.2411 , < 9.3.2411.124 (custom)

Date Public

2026-03-11 00:00

Credits

Danylo Dmytriiev (DDV_UA) <br><br>Gabriel Nitu, Splunk<br><br>James Ervin, Splunk

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20163",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-12T03:55:43.201014Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-12T13:23:31.857Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Splunk Enterprise",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "10.0.4",
              "status": "affected",
              "version": "10.0",
              "versionType": "custom"
            },
            {
              "lessThan": "9.4.9",
              "status": "affected",
              "version": "9.4",
              "versionType": "custom"
            },
            {
              "lessThan": "9.3.10",
              "status": "affected",
              "version": "9.3",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Splunk Cloud Platform",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "10.2.2510.5",
              "status": "affected",
              "version": "10.2.2510",
              "versionType": "custom"
            },
            {
              "lessThan": "10.0.2503.12",
              "status": "affected",
              "version": "10.0.2503",
              "versionType": "custom"
            },
            {
              "lessThan": "10.1.2507.16",
              "status": "affected",
              "version": "10.1.2507",
              "versionType": "custom"
            },
            {
              "lessThan": "9.3.2411.124",
              "status": "affected",
              "version": "9.3.2411",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Danylo Dmytriiev (DDV_UA) \u003cbr\u003e\u003cbr\u003eGabriel Nitu, Splunk\u003cbr\u003e\u003cbr\u003eJames Ervin, Splunk"
        }
      ],
      "datePublic": "2026-03-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role that contains the high-privilege capability `edit_cmd` could execute arbitrary shell commands using the `unarchive_cmd` parameter for the `/splunkd/__upload/indexing/preview` REST endpoint."
            }
          ],
          "value": "In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role that contains the high-privilege capability `edit_cmd` could execute arbitrary shell commands using the `unarchive_cmd` parameter for the `/splunkd/__upload/indexing/preview` REST endpoint."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-11T16:18:26.857Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "url": "https://advisory.splunk.com/advisories/SVD-2026-0302"
        }
      ],
      "source": {
        "advisory": "SVD-2026-0302"
      },
      "title": "Remote Command Execution (RCE) through the \u0027/splunkd/__upload/indexing/preview\u0027 REST endpoint in Splunk Enterprise"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20163",
    "datePublished": "2026-03-11T16:18:26.857Z",
    "dateReserved": "2025-10-08T11:59:15.389Z",
    "dateUpdated": "2026-03-12T13:23:31.857Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20169 (GCVE-0-2026-20169)

Vulnerability from cvelistv5 – Published: 2026-05-06 16:15 – Updated: 2026-05-06 17:26

Title

Cisco IoT Field Network Director Command Injection Vulnerability

Summary

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to access files and execute commands on a remote router. This vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by submitting crafted input in the web-based management interface. A successful exploit could allow the attacker to create, read, or delete files and execute limited commands in user EXEC mode on a remote router.

Severity

6.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Assigner

cisco

References

1 reference

URL	Tags
https://sec.cloudapps.cisco.com/security/center/c…

Impacted products

1 product

Vendor	Product	Version
Cisco	Cisco IoT Field Network Director (IoT-FND)	Affected: 4.5.1 Affected: 4.4.3 Affected: 4.1.0 Affected: 4.1.3 Affected: 4.6.1 Affected: 4.1.1 Affected: 4.4.0 Affected: 4.2.0 Affected: 4.4.2 Affected: 4.3.0 Affected: 4.6.0 Affected: 4.4.4 Affected: 4.3.2 Affected: 4.1.2 Affected: 4.4.1 Affected: 4.5.0 Affected: 4.3.1 Affected: 4.7.0 Affected: 4.6.2 Affected: 4.7.1 Affected: 4.7.2 Affected: 4.8.0 Affected: 4.8.1 Affected: 4.9.0 Affected: 4.9.1 Affected: 4.10.0 Affected: 4.9.2 Affected: 4.11.0 Affected: 4.12.0 Affected: 4.12.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20169",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-06T17:26:38.558371Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-06T17:26:55.572Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco IoT Field Network Director (IoT-FND)",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "4.5.1"
            },
            {
              "status": "affected",
              "version": "4.4.3"
            },
            {
              "status": "affected",
              "version": "4.1.0"
            },
            {
              "status": "affected",
              "version": "4.1.3"
            },
            {
              "status": "affected",
              "version": "4.6.1"
            },
            {
              "status": "affected",
              "version": "4.1.1"
            },
            {
              "status": "affected",
              "version": "4.4.0"
            },
            {
              "status": "affected",
              "version": "4.2.0"
            },
            {
              "status": "affected",
              "version": "4.4.2"
            },
            {
              "status": "affected",
              "version": "4.3.0"
            },
            {
              "status": "affected",
              "version": "4.6.0"
            },
            {
              "status": "affected",
              "version": "4.4.4"
            },
            {
              "status": "affected",
              "version": "4.3.2"
            },
            {
              "status": "affected",
              "version": "4.1.2"
            },
            {
              "status": "affected",
              "version": "4.4.1"
            },
            {
              "status": "affected",
              "version": "4.5.0"
            },
            {
              "status": "affected",
              "version": "4.3.1"
            },
            {
              "status": "affected",
              "version": "4.7.0"
            },
            {
              "status": "affected",
              "version": "4.6.2"
            },
            {
              "status": "affected",
              "version": "4.7.1"
            },
            {
              "status": "affected",
              "version": "4.7.2"
            },
            {
              "status": "affected",
              "version": "4.8.0"
            },
            {
              "status": "affected",
              "version": "4.8.1"
            },
            {
              "status": "affected",
              "version": "4.9.0"
            },
            {
              "status": "affected",
              "version": "4.9.1"
            },
            {
              "status": "affected",
              "version": "4.10.0"
            },
            {
              "status": "affected",
              "version": "4.9.2"
            },
            {
              "status": "affected",
              "version": "4.11.0"
            },
            {
              "status": "affected",
              "version": "4.12.0"
            },
            {
              "status": "affected",
              "version": "4.12.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to access files and execute commands on a remote router.\r\n\r\nThis vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by submitting crafted input in the web-based management interface. A successful exploit could allow the attacker to create, read, or delete files and execute limited commands in\u0026nbsp;user EXEC mode on a remote router."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-06T16:15:48.405Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-iot-fnd-dos-n8N26Q4u",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-fnd-dos-n8N26Q4u"
        }
      ],
      "source": {
        "advisory": "cisco-sa-iot-fnd-dos-n8N26Q4u",
        "defects": [
          "CSCwm80968"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco IoT Field Network Director Command Injection Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20169",
    "datePublished": "2026-05-06T16:15:48.405Z",
    "dateReserved": "2025-10-08T11:59:15.391Z",
    "dateUpdated": "2026-05-06T17:26:55.572Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20186 (GCVE-0-2026-20186)

Vulnerability from cvelistv5 – Published: 2026-04-15 16:03 – Updated: 2026-04-16 03:55

Title

Cisco Identity Services Engine Multiple Authenticated Remote Code Execution Vulnerability

Summary

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.

Severity

9.9 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Assigner

cisco

References

1 reference

URL	Tags
https://sec.cloudapps.cisco.com/security/center/c…

Impacted products

1 product

Vendor	Product	Version
Cisco	Cisco Identity Services Engine Software	Affected: 3.1.0 Affected: 3.1.0 p1 Affected: 3.1.0 p3 Affected: 3.1.0 p2 Affected: 3.2.0 Affected: 3.1.0 p4 Affected: 3.1.0 p5 Affected: 3.2.0 p1 Affected: 3.1.0 p6 Affected: 3.2.0 p2 Affected: 3.1.0 p7 Affected: 3.3.0 Affected: 3.2.0 p3 Affected: 3.2.0 p4 Affected: 3.1.0 p8 Affected: 3.2.0 p5 Affected: 3.2.0 p6 Affected: 3.1.0 p9 Affected: 3.3 Patch 2 Affected: 3.3 Patch 1 Affected: 3.3 Patch 3 Affected: 3.4.0 Affected: 3.2.0 p7 Affected: 3.3 Patch 4 Affected: 3.4 Patch 1 Affected: 3.1.0 p10 Affected: 3.3 Patch 5 Affected: 3.3 Patch 6 Affected: 3.4 Patch 2 Affected: 3.3 Patch 7 Affected: 3.4 Patch 3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20186",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-15T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-16T03:55:36.590Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Identity Services Engine Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "3.1.0"
            },
            {
              "status": "affected",
              "version": "3.1.0 p1"
            },
            {
              "status": "affected",
              "version": "3.1.0 p3"
            },
            {
              "status": "affected",
              "version": "3.1.0 p2"
            },
            {
              "status": "affected",
              "version": "3.2.0"
            },
            {
              "status": "affected",
              "version": "3.1.0 p4"
            },
            {
              "status": "affected",
              "version": "3.1.0 p5"
            },
            {
              "status": "affected",
              "version": "3.2.0 p1"
            },
            {
              "status": "affected",
              "version": "3.1.0 p6"
            },
            {
              "status": "affected",
              "version": "3.2.0 p2"
            },
            {
              "status": "affected",
              "version": "3.1.0 p7"
            },
            {
              "status": "affected",
              "version": "3.3.0"
            },
            {
              "status": "affected",
              "version": "3.2.0 p3"
            },
            {
              "status": "affected",
              "version": "3.2.0 p4"
            },
            {
              "status": "affected",
              "version": "3.1.0 p8"
            },
            {
              "status": "affected",
              "version": "3.2.0 p5"
            },
            {
              "status": "affected",
              "version": "3.2.0 p6"
            },
            {
              "status": "affected",
              "version": "3.1.0 p9"
            },
            {
              "status": "affected",
              "version": "3.3 Patch 2"
            },
            {
              "status": "affected",
              "version": "3.3 Patch 1"
            },
            {
              "status": "affected",
              "version": "3.3 Patch 3"
            },
            {
              "status": "affected",
              "version": "3.4.0"
            },
            {
              "status": "affected",
              "version": "3.2.0 p7"
            },
            {
              "status": "affected",
              "version": "3.3 Patch 4"
            },
            {
              "status": "affected",
              "version": "3.4 Patch 1"
            },
            {
              "status": "affected",
              "version": "3.1.0 p10"
            },
            {
              "status": "affected",
              "version": "3.3 Patch 5"
            },
            {
              "status": "affected",
              "version": "3.3 Patch 6"
            },
            {
              "status": "affected",
              "version": "3.4 Patch 2"
            },
            {
              "status": "affected",
              "version": "3.3 Patch 7"
            },
            {
              "status": "affected",
              "version": "3.4 Patch 3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to\u0026nbsp;root. In single-node ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-15T16:03:35.310Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ise-rce-4fverepv",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ise-rce-4fverepv",
        "defects": [
          "CSCwq21242"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Identity Services Engine Multiple Authenticated Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20186",
    "datePublished": "2026-04-15T16:03:35.310Z",
    "dateReserved": "2025-10-08T11:59:15.394Z",
    "dateUpdated": "2026-04-16T03:55:36.590Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-2061 (GCVE-0-2026-2061)

Vulnerability from cvelistv5 – Published: 2026-02-06 18:02 – Updated: 2026-02-23 09:26

Title

D-Link DIR-823X set_ipv6 sub_424D20 os command injection

Summary

A vulnerability was determined in D-Link DIR-823X 250416. Affected by this issue is the function sub_424D20 of the file /goform/set_ipv6. Executing a manipulation can lead to os command injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.

Severity

5.1 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

4.7 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

4.7 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

SSVC

Exploitation: poc Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-78 - OS Command Injection
CWE-77 - Command Injection

Assigner

VulDB

References

5 references

URL	Tags
https://vuldb.com/?id.344621	vdb-entrytechnical-description
https://vuldb.com/?ctiid.344621	signaturepermissions-required
https://vuldb.com/?submit.744286	third-party-advisory
https://github.com/master-abc/cve/issues/20	exploitissue-tracking
https://www.dlink.com/	product

Impacted products

1 product

Vendor	Product	Version
D-Link	DIR-823X	Affected: 250416

Credits

942384053 (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-2061",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-06T18:45:50.544513Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-06T18:49:05.636Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DIR-823X",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "250416"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "942384053 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was determined in D-Link DIR-823X 250416. Affected by this issue is the function sub_424D20 of the file /goform/set_ipv6. Executing a manipulation can lead to os command injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5.8,
            "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-23T09:26:45.939Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-344621 | D-Link DIR-823X set_ipv6 sub_424D20 os command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.344621"
        },
        {
          "name": "VDB-344621 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.344621"
        },
        {
          "name": "Submit #744286 | D-Link DIR-823X 250416 OS Command Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.744286"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/master-abc/cve/issues/20"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.dlink.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-02-06T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-02-06T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-02-12T08:47:13.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "D-Link DIR-823X set_ipv6 sub_424D20 os command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-2061",
    "datePublished": "2026-02-06T18:02:09.216Z",
    "dateReserved": "2026-02-06T06:34:43.625Z",
    "dateUpdated": "2026-02-23T09:26:45.939Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-2063 (GCVE-0-2026-2063)

Vulnerability from cvelistv5 – Published: 2026-02-06 19:02 – Updated: 2026-02-23 09:27

Title

D-Link DIR-823X Web Management set_ac_server os command injection

Summary

A security flaw has been discovered in D-Link DIR-823X 250416. This vulnerability affects unknown code of the file /goform/set_ac_server of the component Web Management Interface. The manipulation of the argument ac_server results in os command injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.

Severity

5.1 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

4.7 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

4.7 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

SSVC

Exploitation: poc Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-78 - OS Command Injection
CWE-77 - Command Injection

Assigner

VulDB

References

5 references

URL	Tags
https://vuldb.com/?id.344623	vdb-entrytechnical-description
https://vuldb.com/?ctiid.344623	signaturepermissions-required
https://vuldb.com/?submit.744720	third-party-advisory
https://github.com/master-abc/cve/issues/19	exploitissue-tracking
https://www.dlink.com/	product

Impacted products

1 product

Vendor	Product	Version
D-Link	DIR-823X	Affected: 250416

Credits

jiefengliang (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-2063",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-06T19:42:48.990451Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-06T19:43:17.536Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Web Management Interface"
          ],
          "product": "DIR-823X",
          "vendor": "D-Link",
          "versions": [
            {
              "status": "affected",
              "version": "250416"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "jiefengliang (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security flaw has been discovered in D-Link DIR-823X 250416. This vulnerability affects unknown code of the file /goform/set_ac_server of the component Web Management Interface. The manipulation of the argument ac_server results in os command injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5.8,
            "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-23T09:27:15.277Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-344623 | D-Link DIR-823X Web Management set_ac_server os command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.344623"
        },
        {
          "name": "VDB-344623 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.344623"
        },
        {
          "name": "Submit #744720 | dlink DIR-823X 250416 OS Command Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.744720"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/master-abc/cve/issues/19"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.dlink.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-02-06T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-02-06T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-02-12T08:47:13.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "D-Link DIR-823X Web Management set_ac_server os command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-2063",
    "datePublished": "2026-02-06T19:02:09.658Z",
    "dateReserved": "2026-02-06T06:40:14.410Z",
    "dateUpdated": "2026-02-23T09:27:15.277Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2026-2000 (GCVE-0-2026-2000)

CVE-2026-20094 (GCVE-0-2026-20094)

CVE-2026-20095 (GCVE-0-2026-20095)

CVE-2026-20096 (GCVE-0-2026-20096)

CVE-2026-20147 (GCVE-0-2026-20147)

CVE-2026-20163 (GCVE-0-2026-20163)

CVE-2026-20169 (GCVE-0-2026-20169)

CVE-2026-20186 (GCVE-0-2026-20186)

CVE-2026-2061 (GCVE-0-2026-2061)

CVE-2026-2063 (GCVE-0-2026-2063)

Mitigation

Mitigation

Mitigation ID: MIT-5

Mitigation

Mitigation

CAPEC-136: LDAP Injection

CAPEC-15: Command Delimiters

CAPEC-183: IMAP/SMTP Command Injection

CAPEC-248: Command Injection

CAPEC-40: Manipulating Writeable Terminal Devices

CAPEC-43: Exploiting Multiple Input Interpretation Layers

CAPEC-75: Manipulating Writeable Configuration Files

CAPEC-76: Manipulating Web Input to File System Calls