CVE-2026-20097
Remote Code Execution via Input Validation Flaw in Cisco IMC
Publication date: 2026-04-01
Last updated on: 2026-04-01
Assigner: Cisco Systems, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | imc | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the web-based management interface of Cisco IMC. It allows an authenticated remote attacker who already has admin-level privileges to execute arbitrary code with root user privileges. The root cause is improper validation of user-supplied input to the web interface. An attacker can exploit this by sending specially crafted HTTP requests to the affected device, potentially gaining full control over the underlying operating system.
How can this vulnerability impact me?
If exploited, this vulnerability could allow an attacker to execute arbitrary code as the root user on the affected device. This means the attacker could gain complete control over the system, potentially leading to unauthorized access, data manipulation, disruption of services, or further attacks within the network.