CVE-2026-20099
Command Injection in Cisco FXOS and UCS Manager Enables Root Access
Publication date: 2026-02-25
Last updated on: 2026-02-25
Assigner: Cisco Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | fxos_software | * |
| cisco | ucs_manager_software | * |
| cisco | ucs_manager_software | to 4.3(6c) (exc) |
| cisco | ucs_fabric_interconnects | From 4.3(6c) (inc) |
| cisco | firepower_2100_series | * |
| cisco | firepower_4100_series | * |
| cisco | firepower_9300_security_appliances | * |
| cisco | ucs_6300_series | * |
| cisco | ucs_6400_series | * |
| cisco | ucs_6500_series | * |
| cisco | ucs_x_series_direct_fabric_interconnects | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Cisco provides the Cisco Software Checker tool to help customers identify affected software versions and fixed releases related to this vulnerability.
Detection involves verifying if your devices are running vulnerable releases of Cisco FXOS Software or Cisco UCS Manager Software, particularly versions 4.2 and earlier for UCS Fabric Interconnects.
No specific detection commands are provided in the available resources.
Can you explain this vulnerability to me?
CVE-2026-20099 is a medium-severity command injection vulnerability affecting the web-based management interfaces of Cisco FXOS Software and Cisco UCS Manager Software.
It allows an authenticated local attacker with administrative privileges to perform command injection by submitting crafted input to vulnerable commands due to insufficient input validation of user-supplied command arguments.
Successful exploitation enables the attacker to execute arbitrary commands on the underlying operating system with root-level privileges, leading to full system compromise.
How can this vulnerability impact me? :
[{'type': 'paragraph', 'content': 'This vulnerability can lead to a full system compromise because an attacker who is already authenticated with administrative privileges can escalate their privileges to root.'}, {'type': 'paragraph', 'content': "The attacker can execute arbitrary commands on the affected device's operating system, potentially leading to loss of confidentiality, integrity, and availability of the system."}, {'type': 'list_item', 'content': 'Loss of sensitive data confidentiality'}, {'type': 'list_item', 'content': 'Unauthorized modification or deletion of data'}, {'type': 'list_item', 'content': 'Disruption or denial of service due to system compromise'}] [1]
What immediate steps should I take to mitigate this vulnerability?
There are no workarounds or mitigations available for this vulnerability.
Cisco strongly recommends upgrading to fixed software releases to remediate the vulnerability.
- For UCS Fabric Interconnects, upgrade to version 4.3(6c) or later; version 6.0 is not vulnerable.
- Obtain fixed software through Cisco or authorized partners.
- Ensure compatibility with your hardware and configurations before upgrading.