CVE-2026-20155
Improper Authorization in Cisco EPNM REST API Exposes Sessions
Publication date: 2026-04-01
Last updated on: 2026-04-01
Assigner: Cisco Systems, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | evolved_programmable_network_manager | * |
| cisco | evolved_programmable_network_manager | to 8.0; start_including=8.1.2 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-20155 is a high-severity vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM). It is caused by improper authorization checks on a REST API endpoint.
An authenticated remote attacker with low privileges can exploit this flaw by querying the vulnerable endpoint to access sensitive information, specifically session details of active EPNM users, including those with administrative privileges.
This exposure could lead to the compromise of the affected device.
How can this vulnerability impact me?
This vulnerability allows an attacker with low privileges to access sensitive session information of active users, including administrators, on the Cisco EPNM device.
Such unauthorized access could lead to the compromise of the affected device, potentially allowing further malicious actions or control over the network management system.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are no specific detection commands or methods provided to identify this vulnerability on your network or system.
The vulnerability involves improper authorization checks on a REST API endpoint in Cisco EPNM's web-based management interface, which an authenticated attacker could query to access sensitive session information.
Since the vulnerability requires authentication and targets a specific REST API endpoint, detection would likely involve monitoring for unusual or unauthorized queries to this endpoint or reviewing access logs for suspicious activity.
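One way to put the log-review suggestion above into practice, as an added example that is not part of this record or of Cisco's advisory: a small Python script that scans access-log lines from the EPNM web interface and flags non-administrative accounts that requested the session-details endpoint. The endpoint path, the privileged-account list and the log layout are all assumptions (the advisory text reproduced here names none of them); the sample log lines are constructed.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# ASSUMPTION: the path of the affected REST endpoint is not given in the
# advisory text above. Replace this placeholder with the path from Cisco's
# advisory for your deployment before using the script.
SESSION_ENDPOINT = "/PLACEHOLDER/session-endpoint"

# ASSUMPTION: site-specific list of accounts expected to read session data.
PRIVILEGED_USERS = {"admin"}

# Constructed sample log lines in a simplified
# "timestamp user source-ip method path status" layout.
# Real EPNM web access logs use their own format; adjust LINE_RE to match.
SAMPLE_LOG = """\
2026-04-01T09:00:01Z admin 10.0.0.5 GET /PLACEHOLDER/session-endpoint 200
2026-04-01T09:00:07Z viewer1 10.0.0.23 GET /dashboard 200
2026-04-01T09:01:10Z viewer1 10.0.0.23 GET /PLACEHOLDER/session-endpoint 200
2026-04-01T09:01:11Z viewer1 10.0.0.23 GET /PLACEHOLDER/session-endpoint?page=2 200
2026-04-01T09:01:12Z viewer1 10.0.0.23 GET /PLACEHOLDER/session-endpoint 200
2026-04-01T09:02:00Z ops2 10.0.0.40 GET /PLACEHOLDER/session-endpoint 403
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<ip>\S+) (?P<method>[A-Z]+) "
    r"(?P<path>\S+) (?P<status>\d{3})$"
)


@dataclass
class Finding:
    user: str
    ip: str
    requests: int    # all requests to the endpoint by this user/ip
    successful: int  # requests answered with a 2xx status


def find_session_endpoint_access(log_text, endpoint=SESSION_ENDPOINT,
                                 privileged=PRIVILEGED_USERS):
    """Return one Finding per (user, ip) that is not in `privileged` and
    requested `endpoint`. A non-zero `successful` count on an unpatched
    system means the server returned session data to a low-privilege
    account, which is the behaviour the advisory describes; a 403 means
    the request was denied (patched system or access policy)."""
    counts = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the expected layout
        path = m["path"].split("?", 1)[0]  # ignore query string
        if path != endpoint or m["user"] in privileged:
            continue
        key = (m["user"], m["ip"])
        counts[key][0] += 1
        if m["status"].startswith("2"):
            counts[key][1] += 1
    return [Finding(u, ip, total, ok)
            for (u, ip), (total, ok) in sorted(counts.items())]


def classify(finding):
    """Label a finding for a triage queue."""
    if finding.successful > 0:
        return "session data returned to low-privilege account; treat as likely exploitation, verify patch level"
    return "access denied; confirm fix is applied and review account intent"


if __name__ == "__main__":
    for f in find_session_endpoint_access(SAMPLE_LOG):
        print(f"{f.user}@{f.ip}: {f.requests} request(s), "
              f"{f.successful} successful -> {classify(f)}")
```

Run it against exported access logs after substituting the real endpoint path and log layout; the admin account's own request is skipped by design, so tune PRIVILEGED_USERS to the accounts that legitimately read session data in your environment.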
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade Cisco Evolved Programmable Network Manager (EPNM) to version 8.1.2 or later, where the vulnerability has been fixed.
No workarounds or alternative mitigations are available according to the advisory.
It is also recommended to contact Cisco TAC for assistance, providing product serial numbers and advisory references if needed.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows an authenticated remote attacker with low privileges to access sensitive information, including session details of active users with administrative privileges. This unauthorized access to sensitive data could potentially lead to a compromise of the affected device.
Such exposure of sensitive information may impact compliance with common standards and regulations like GDPR and HIPAA, which require strict controls over access to sensitive data and protection against unauthorized disclosure.
However, the provided information does not explicitly discuss the direct impact on compliance with these standards or any specific regulatory implications.