CVE-2026-20123
Unknown Unknown - Not Provided
Open Redirect Vulnerability in Cisco EPNM and Prime Interface

Publication date: 2026-02-04

Last updated on: 2026-03-10

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-04
Last Modified
2026-03-10
Generated
2026-06-16
AI Q&A
2026-02-04
EPSS Evaluated
2026-06-14
NVD
CVE-2026-20123
EUVD
EUVD-2026-5424
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
cisco prime_infrastructure 3.10.6
cisco prime_infrastructure to 3.9 (inc)
cisco prime_infrastructure From 3.10 (inc) to 3.10.6 (inc)
cisco evolved_programmable_network_manager to 8.1.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-20123 is an open redirect vulnerability in the web-based management interfaces of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure.

It occurs due to improper input validation of parameters in HTTP requests, which allows an unauthenticated, remote attacker to intercept and modify these requests.

By exploiting this flaw, the attacker can redirect users to malicious web pages.

Impact Analysis

This vulnerability can impact you by enabling an attacker to redirect users of the affected Cisco management interfaces to malicious websites.

Such redirection could lead to phishing attacks, malware downloads, or other malicious activities that compromise user security.

The vulnerability requires no privileges and has low attack complexity but does require user interaction.

Compliance Impact

I don't know

Detection Guidance

This vulnerability involves improper input validation of HTTP request parameters that can be exploited by intercepting and modifying HTTP requests to redirect users to malicious web pages.

There are no specific detection commands or tools mentioned in the provided resources to identify this vulnerability on your network or system.

Mitigation Strategies

Cisco has released fixed software versions to remediate this vulnerability: Cisco EPNM 8.1.1 and later, and Cisco Prime Infrastructure 3.10.6 and later.

The recommended immediate step is to upgrade affected systems to these fixed software versions.

No workarounds are available, so upgrading is the only effective mitigation.

Ensure to obtain the fixed software through Cisco or authorized partners and verify compatibility with your hardware and software configurations before upgrading.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20123. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart