CVE-2026-20094
Command Injection in Cisco IMC Web Interface Allows Root Access
Publication date: 2026-04-01
Last updated on: 2026-04-01
Assigner: Cisco Systems, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | imc | * |
| cisco | integrated_management_controller | * |
| cisco | catalyst_8300_series_edge_ucpe | to 4.18.3 (inc) |
| cisco | ucs_c-series_m5_rack_servers | to 4.3(2.260007) (inc) |
| cisco | ucs_c-series_m6_rack_servers | to 4.3(6.260017) (inc) |
| cisco | ucs_e-series_m6 | to 4.15.3 (inc) |
| cisco | ucs_s-series_storage_servers | to 4.3(6.260017) (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-20094 is a high-severity command injection vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC).
It allows an authenticated remote attacker with only read-only privileges to send specially crafted commands to the interface, which are improperly validated, resulting in arbitrary command execution on the underlying operating system with root user privileges.
This means that even users with limited access can escalate their privileges to full control of the system by exploiting this flaw.
How can this vulnerability impact me?
This vulnerability can have a severe impact because it allows an attacker with only read-only access to execute arbitrary commands as the root user on the affected system.
Such unauthorized root-level access can lead to complete system compromise, including data theft, system manipulation, disruption of services, and installation of persistent malware.
Since the attacker can escalate privileges from limited access to full control, the risk to confidentiality, integrity, and availability of the system is very high.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability requires authentication with at least read-only privileges to the Cisco IMC web-based management interface. Detection involves verifying if your systems are running vulnerable versions of Cisco IMC software on affected hardware such as Catalyst 8300 Series Edge uCPE, UCS C-Series M5 and M6 Rack Servers in standalone mode, UCS E-Series M6 Servers, or UCS S-Series Storage Servers in standalone mode.
There are no specific detection commands or network signatures provided in the available information. Since the vulnerability involves command injection via crafted input to the web interface, detection typically involves checking software versions and monitoring for unusual command execution or access patterns.
To detect if your system is vulnerable, you should:
- Check the Cisco IMC software version on your devices and compare it against the fixed versions released by Cisco.
- Review access logs for the web-based management interface for any suspicious or unauthorized command execution attempts.
- Use Cisco security advisories and tools to verify if your devices are affected.
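The version check described above, as an added example that is not part of this page or of any Cisco tooling: it parses Cisco IMC/NFVIS version strings in both the `4.3(2.260007)` and `4.18.3` forms and compares a constructed inventory against the fixed releases listed in the mitigation answer. It assumes that releases strictly below the listed fixed release are vulnerable; the exact boundary should be confirmed against the Cisco advisory.

```python
import re

# Fixed releases as listed in the mitigation answer on this page. Assumption:
# anything strictly below the fixed release is treated as vulnerable.
FIXED_VERSIONS = {
    "catalyst_8300_series_edge_ucpe": "4.18.3",       # Cisco NFVIS release
    "ucs_c-series_m5_rack_servers": "4.3(2.260007)",
    "ucs_c-series_m6_rack_servers": "4.3(6.260017)",
    "ucs_e-series_m6": "4.15.3",
    "ucs_s-series_storage_servers": "4.3(6.260017)",
}

# Accepts "MAJOR.MINOR", "MAJOR.MINOR.PATCH" and "MAJOR.MINOR(BUILD.SUBBUILD)".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:\((\d+)\.(\d+)\))?$")


def parse_version(text: str) -> tuple:
    """Turn '4.3(2.260007)' or '4.18.3' into a comparable 5-tuple of ints.

    Missing components become 0, so '4.18.3' -> (4, 18, 3, 0, 0) and
    '4.3(2.260007)' -> (4, 3, 0, 2, 260007). Unknown formats raise rather
    than silently comparing wrong.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Cisco version string: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def is_vulnerable(product: str, running: str) -> bool:
    """True when the running release is below the fixed release for the product."""
    return parse_version(running) < parse_version(FIXED_VERSIONS[product])


def audit(inventory):
    """Return (host, product, running, fixed) for every host that needs an upgrade."""
    return [
        (host, product, running, FIXED_VERSIONS[product])
        for host, product, running in inventory
        if is_vulnerable(product, running)
    ]


# Constructed sample inventory: hostnames and running versions are made up.
SAMPLE_INVENTORY = [
    ("cimc-m5-01", "ucs_c-series_m5_rack_servers", "4.3(2.250001)"),
    ("cimc-m5-02", "ucs_c-series_m5_rack_servers", "4.3(2.260007)"),
    ("cimc-m6-01", "ucs_c-series_m6_rack_servers", "4.3(6.250010)"),
    ("ucpe-01", "catalyst_8300_series_edge_ucpe", "4.18.2"),
    ("ucs-e-01", "ucs_e-series_m6", "4.15.3"),
]

if __name__ == "__main__":
    for host, product, running, fixed in audit(SAMPLE_INVENTORY):
        print(f"{host}: {product} at {running} is below fixed {fixed}; upgrade")
```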
What immediate steps should I take to mitigate this vulnerability?
There are no workarounds available for this vulnerability. The only effective mitigation is to upgrade the Cisco IMC software to the fixed versions provided by Cisco.
Immediate mitigation steps include:
- Identify all affected Cisco devices running vulnerable IMC versions.
- Upgrade to the fixed software releases as recommended by Cisco, for example:
  - Catalyst 8300 Series Edge uCPE: upgrade Cisco NFVIS to 4.18.3 or later.
  - UCS C-Series M5 and M6 Rack Servers: upgrade Cisco IMC to 4.3(2.260007) (M5) or 4.3(6.260017) (M6).
  - UCS E-Series M6: upgrade Cisco IMC to 4.15.3 or later.
  - UCS S-Series Storage Servers: upgrade Cisco IMC to 4.3(6.260017) or later.
- Follow specific upgrade procedures for Cisco appliances based on UCS C-Series Servers, often involving the Cisco Host Upgrade Utility (HUU).
- Restrict access to the web-based management interface to trusted users only and monitor for suspicious activity until upgrades are applied.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify how this vulnerability directly affects compliance with common standards and regulations such as GDPR or HIPAA.