Skip to main content

Cisco

5526 CVEs vendor

Monthly

CVE-2026-20187 HIGH This Week

Denial of service in Cisco RoomOS software allows remote unauthenticated attackers to exhaust availability of affected collaboration endpoints and room-based video devices through improper handling of exceptional conditions (CWE-703). The issue was internally discovered by Cisco's RoomOS engineering team as part of a hardening release bundling multiple flaws under this identifier, carries a CVSS 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), and has no public exploit identified at time of analysis. Note that the CVSS vector reflects availability-only impact even though a source tag labels it 'Information Disclosure,' a discrepancy defenders should verify against the Cisco advisory.

Cisco Information Disclosure Cisco Roomos Software
NVD
CVSS 3.1
7.5
CVE-2026-20158 HIGH This Week

Remote denial of service in Cisco RoomOS software allows unauthenticated attackers to exhaust or corrupt a resource over the network, disrupting availability of Cisco collaboration room endpoints. Disclosed as part of a Cisco-internal security hardening review under the CWE-664 resource-lifetime pillar, the flaw carries a 7.5 CVSS score with an availability-only impact (C:N/I:N/A:H). No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Cisco Information Disclosure Cisco Roomos Software
NVD VulDB
CVSS 3.1
7.5
CVE-2026-20153 HIGH This Week

Denial of service in Cisco RoomOS software allows remote, unauthenticated attackers to disrupt device availability through improperly validated input, resulting in a high availability impact (CVSS 7.5). The flaw was internally discovered during a Cisco engineering security review and shipped in a software hardening release bundling multiple CWE-20 input-validation issues. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Cisco Information Disclosure Cisco Roomos Software
NVD VulDB
CVSS 3.1
7.5
CVE-2026-20157 HIGH This Week

Sensitive information disclosure affects Cisco RoomOS software running on Cisco collaboration room endpoints, where missing encryption (CWE-311) exposes data to an attacker positioned on the adjacent network. An adjacent, unauthenticated attacker who can intercept or manipulate traffic could access confidential information and potentially tamper with it, though successful exploitation carries high attack complexity. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the issue was internally discovered by Cisco's RoomOS engineering team during a proactive hardening review.

Cisco Information Disclosure Cisco Roomos Software
NVD
CVSS 3.1
7.5
CVE-2026-20156 HIGH This Week

Memory-corruption vulnerabilities in Cisco RoomOS Software (the operating system on Cisco/Webex collaboration room endpoints) allow remote, unauthenticated attackers to trigger buffer-boundary violations that can compromise device confidentiality, integrity, and availability (CVSS 8.1). The flaws were internally discovered by Cisco's RoomOS engineering team during a proactive security review and are grouped under the CWE-119 buffer-error pillar; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV. High attack complexity (AC:H) reduces the practical ease of exploitation despite the network-facing, no-privilege vector.

Buffer Overflow Cisco Cisco Roomos Software
NVD
CVSS 3.1
8.1
CVE-2026-20146 MEDIUM This Month

Path traversal in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) allows a remote, authenticated attacker with administrative credentials to read or delete arbitrary files on the underlying operating system via crafted HTTP requests. Successful exploitation could expose sensitive configuration or credential files, or trigger destructive deletion of system files. No public exploit code and no CISA KEV listing have been identified at time of analysis, but the high confidentiality impact and the critical role ISE plays in enterprise network access control make this notable for environments running affected versions.

Path Traversal Cisco Cisco Identity Services Engine Software Cisco Ise Passive Identity Connector
NVD
CVSS 3.1
5.5
CVE-2026-20150 HIGH This Week

Privilege escalation via improper access control in Cisco RoomOS software allows an authenticated attacker with low-level privileges to gain full control over affected collaboration endpoints, with high impact to confidentiality, integrity, and availability. The issue was discovered internally by Cisco's RoomOS engineering team during a proactive security review and is one of several access-control weaknesses grouped under CVE-2026-20150 and resolved in a single hardening release. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Authentication Bypass Cisco Cisco Roomos Software
NVD
CVSS 3.1
8.8
CVE-2026-24700 HIGH This Week

An OS command injection vulnerability exists in the start_lltd() function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The machine_name configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges.

Command Injection Cisco Rv130 Firmware Rv130W Firmware Rv110W Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
1.0%
CVE-2026-24699 HIGH This Week

An OS command injection vulnerability exists in the sub_34984() function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The lan_ipv6_prefixlen configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges.

Command Injection Cisco Rv130 Firmware Rv130W Firmware Rv110W Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
1.0%
CVE-2026-24698 HIGH This Week

Root-level OS command injection in Cisco RV130/RV130W (firmware 1.0.3.55) and RV110W (firmware 1.2.2.5/1.2.2.8) small-business routers lets an authenticated remote attacker run arbitrary commands via the unsanitized model_name parameter in the httpd binary's save_syslog_to_file() function. Because injected commands run as root, successful exploitation yields full device takeover. Publicly available exploit code exists (SSVC exploitation status: poc) but the flaw is not listed in CISA KEV.

Command Injection Cisco Rv130 Firmware Rv130W Firmware Rv110W Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
1.0%
CVE-2026-24697 HIGH This Week

Root-level OS command injection in Cisco RV130, RV130W, and RV110W small-business routers lets an authenticated remote administrator inject arbitrary shell commands through the wan_hostname parameter, which is passed unsanitized into the start_bonjour() routine of the 'rc' binary. Because the 'rc' process runs as root, successful exploitation yields full command execution and complete device takeover. Publicly available exploit details exist in an IoT vulnerability write-up; there is no evidence of active exploitation (not in CISA KEV) and no EPSS score was provided.

Command Injection Cisco Rv130 Firmware Rv130W Firmware Rv110W Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-46292 PyPI HIGH POC PATCH GHSA This Week

Python Cisco Buffer Overflow Suse
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-46295 PyPI HIGH PATCH GHSA This Week

Python Buffer Overflow Cisco Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-46294 PyPI HIGH PATCH GHSA This Week

Python Buffer Overflow Cisco Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-46293 PyPI HIGH PATCH GHSA This Week

Python Buffer Overflow Cisco
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-46291 PyPI HIGH PATCH GHSA This Week

Python Buffer Overflow Cisco Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-46290 PyPI HIGH PATCH GHSA This Week

Heap Overflow Python Buffer Overflow Cisco Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-46289 PyPI HIGH PATCH GHSA This Week

Heap Overflow Python Buffer Overflow Cisco Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-46280 PyPI HIGH PATCH GHSA This Week

Python Cisco Information Disclosure Memory Corruption Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-44451 PyPI HIGH PATCH GHSA This Week

Python Cisco Information Disclosure Memory Corruption Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-43607 PyPI HIGH PATCH GHSA This Week

Python Buffer Overflow Cisco Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-43467 PyPI HIGH PATCH GHSA This Week

Python Buffer Overflow Cisco Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-42885 PyPI HIGH PATCH GHSA This Week

Python Cisco Information Disclosure Memory Corruption Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-41793 PyPI HIGH PATCH GHSA This Week

Python Buffer Overflow Cisco Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-37331 PyPI HIGH PATCH GHSA This Week

Python Buffer Overflow Cisco Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2026-20191 HIGH This Week

Arbitrary file read in Cisco Catalyst Center lets an unauthenticated, remote attacker retrieve files from a restricted container by sending a crafted HTTP request that abuses insufficient input validation (path traversal, CWE-22). Rated CVSS 7.5 (confidentiality-only impact), it exposes sensitive container-side data without any credentials or user interaction. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Path Traversal Cisco
NVD VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2026-20178 MEDIUM This Month

Open redirect in the browser-based Cisco Webex App allowed unauthenticated remote attackers to redirect users to attacker-controlled websites by crafting malicious URLs with manipulated parameters. The vulnerability (CWE-601) stems from improper input validation of URL parameters in HTTP requests and scores CVSS 4.3 Medium (AV:N/AC:L/PR:N/UI:R). Cisco has fully remediated this server-side with no customer action required; no public exploit or CISA KEV listing exists at time of analysis.

Cisco Open Redirect Cisco Webex App
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2026-20246 MEDIUM This Month

Privilege escalation in the Cisco Umbrella Virtual Appliance vmadmin CLI enables an authenticated local attacker holding vmadmin-level credentials to elevate access to root on the affected device. The flaw, classified as CWE-269 (Improper Privilege Management), arises because the vmadmin CLI does not adequately validate or restrict specific commands that can be leveraged as a privilege escalation path. No public exploit code has been identified and the CVE is not listed in the CISA KEV catalog at time of analysis; the CVSS 6.0 Medium score reflects the high-privilege prerequisite that meaningfully constrains the realistic attacker pool.

Cisco Privilege Escalation Cisco Umbrella Insights Virtual Appliance
NVD VulDB
CVSS 3.1
6.0
EPSS
0.1%
CVE-2026-20220 MEDIUM This Month

Authenticated remote OS command injection in Cisco Crosswork Network Controller's web-based management interface allows a threat actor holding valid template user credentials with write permissions to execute arbitrary commands on the underlying operating system. The flaw resides in the configuration template engine, which fails to adequately validate attacker-supplied input before processing it, enabling CWE-74 injection. Impact is bounded to filesystem areas where the template user holds write access, reducing blast radius compared to full OS compromise; however, on a network automation controller, even scoped command execution can expose sensitive network configurations and automation workflows. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Cisco Information Disclosure Cisco Crosswork Network Change Automation
NVD VulDB
CVSS 3.1
6.3
EPSS
0.2%
CVE-2026-20190 HIGH NEWS This Week

Information disclosure in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) allows unauthenticated remote attackers to retrieve sensitive data - including hashed credentials - by sending crafted traffic to an affected device. The root cause is missing authorization checks on a protected resource (CWE-285), making this an authentication-bypass-style information leak. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Cisco Authentication Bypass Cisco Identity Services Engine Software Cisco Ise Passive Identity Connector
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-20181 CRITICAL NEWS Act Now

Authenticated remote command execution in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) allows administrators to run arbitrary OS commands and escalate to root via a crafted HTTP request. The flaw, tracked as CVE-2026-20181 and reported by Cisco with a CVSS 3.1 score of 9.1 (scope-changed), can also crash single-node deployments and deny network access to unauthenticated endpoints. There is no public exploit identified at time of analysis.

Path Traversal Cisco Denial Of Service Cisco Identity Services Engine Software Cisco Ise Passive Identity Connector
NVD VulDB
CVSS 3.1
9.1
EPSS
0.6%
CVE-2026-20262 MEDIUM POC KEV THREAT NEWS This Month

Arbitrary file write via path traversal in Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) allows an authenticated low-privileged attacker to create or overwrite any file on the underlying operating system by sending crafted HTTP requests to affected API endpoints. The vulnerability stems from insufficient validation of user-supplied input during the file upload process (CWE-22), and a successful exploit can serve as a reliable stepping stone to root-level privilege escalation on the management host. No public exploit has been identified at time of analysis, and the vulnerability is not currently listed in CISA KEV; however, the integrity impact combined with root escalation potential elevates real-world risk above the CVSS 6.5 Medium baseline.

Path Traversal Cisco File Upload Cisco Catalyst Sd Wan Manager
NVD VulDB GitHub
CVSS 3.1
6.5
EPSS
1.7%
Threat
4.4
CVE-2026-20245 HIGH POC KEV THREAT NEWS Act Now

Local privilege escalation in Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) allows an authenticated netadmin user to execute arbitrary commands as root by uploading a crafted file through the CLI. Cisco has observed limited real-world exploitation that resulted in unauthorized configuration changes being pushed to downstream edge devices, though the issue is not currently listed in CISA KEV and no public exploit code has been identified at time of analysis.

Command Injection Cisco
NVD VulDB GitHub
CVSS 3.1
7.8
EPSS
0.1%
Threat
4.6
CVE-2026-20230 HIGH POC KEV THREAT NEWS Act Now

Server-side request forgery in Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition allows remote unauthenticated attackers to write files to the underlying operating system via crafted HTTP requests, which Cisco notes can be leveraged to escalate to root. Cisco has assigned this a Critical Security Impact Rating despite the 8.6 CVSS score because of the root-escalation pathway. No public exploit identified at time of analysis, and exploitation requires the non-default WebDialer service to be enabled.

SSRF Cisco Cisco Unified Communications Manager
NVD VulDB GitHub
CVSS 3.1
8.6
EPSS
0.0%
Threat
4.7
CVE-2026-20175 MEDIUM This Month

Remote File Inclusion (RFI) in Cisco Finesse enables unauthenticated remote attackers to load attacker-controlled files into an active user's browser session by exploiting insufficient validation of user-supplied HTTP request parameters. Exploitation requires social engineering an authenticated Finesse user into clicking a crafted URL referencing the affected device - no server-side authentication is needed from the attacker's perspective. A successful attack results in arbitrary JavaScript execution within the Finesse interface context (browser-based XSS-class impact) or unauthorized access to sensitive contact center information; no public exploit identified at time of analysis.

RCE Cisco
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-20233 MEDIUM This Month

Cross-site scripting in Cisco Webex Meetings' web-based UI allowed unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by persuading them to follow a crafted malicious link. Insufficient input validation (CWE-79) in the Webex Meetings web interface is the root cause; the Changed Scope (S:C) in the CVSS vector indicates impact extends beyond the Webex application into the broader browser context, enabling session theft or browser-based data access. Cisco has fully remediated this server-side in the Webex cloud service, and no customer action is required. No public exploit code identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.

XSS Cisco
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-20199 HIGH This Week

Command injection in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance lets an authenticated administrator upload a crafted certificate to execute arbitrary commands as root on the underlying operating system. The flaw stems from insufficient validation of user-supplied input (CWE-74) and carries a CVSS 7.2 (High) rating; the elevated impact comes from full root-level code execution despite the high-privilege precondition. No public exploit identified at time of analysis, and EPSS is very low at 0.04% (13th percentile), consistent with the CISA SSVC determination of no observed exploitation.

RCE Cisco Cisco Thousandeyes Enterprise Agent
NVD VulDB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-20171 MEDIUM This Month

BGP session flapping denial-of-service in Cisco NX-OS on Nexus 3000 and 9000 Series Switches exposes data-center routing infrastructure to disruption from unauthenticated remote attackers. The flaw resides in the enforce-first-as BGP feature, where incorrect parsing of a transitive BGP attribute causes an affected switch to drop its BGP peer session and enter a flap loop upon receiving a crafted BGP UPDATE message. No active exploitation has been confirmed (not in CISA KEV), and no public exploit code has been identified at time of analysis, though the Changed scope in the CVSS vector reflects that the instability can propagate beyond the directly attacked peer, amplifying network-wide impact.

Denial Of Service Cisco
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-20206 MEDIUM This Month

Command injection in the BrowserBot component of Cisco ThousandEyes Enterprise Agent (CWE-78) allows authenticated SaaS users with transaction test management privileges to execute arbitrary OS commands inside the BrowserBot container as the unprivileged 'node' user. Exploitation requires valid ThousandEyes SaaS credentials and the ability to manage transaction tests, scoping the realistic threat primarily to insiders and compromised privileged accounts. Cisco has already deployed a remediation server-side; no customer action is required. No public exploit code or CISA KEV listing exists at time of analysis.

Cisco Command Injection
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2026-20223 CRITICAL NEWS Act Now

Authentication bypass in Cisco Secure Workload allows unauthenticated remote attackers to invoke internal REST API endpoints and act with Site Admin privileges across tenant boundaries. The flaw carries a maximum CVSS 10.0 score with a changed scope and full CIA impact, and no public exploit has been identified at time of analysis. Successful exploitation enables reading sensitive tenant data and modifying configuration globally, making this a critical-priority issue for any organization running affected versions.

Authentication Bypass Cisco Cisco Secure Workload
NVD VulDB
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-20224 HIGH NEWS This Week

Remote file disclosure in Cisco Catalyst SD-WAN Manager allows unauthenticated attackers to read arbitrary system files via XML External Entity (XXE) injection in the web UI. The vulnerability affects the management interface with network-accessible attack vector, low complexity, and no required privileges (CVSS 8.6). Attackers can extract sensitive configuration files, credentials, and operational data from the SD-WAN management platform. EPSS data not provided; exploitation status unknown but the unauthenticated remote vector and publicly disclosed Cisco advisory elevate real-world risk for internet-exposed instances.

XXE Cisco Cisco Catalyst Sd Wan Manager
NVD VulDB
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-20210 MEDIUM This Month

Cisco Catalyst SD-WAN Manager web UI fails to properly redact sensitive information in device configurations and templates, allowing authenticated users with read-only permissions to extract and leverage privileged credentials to escalate their access and modify system configurations. The vulnerability affects all versions of the product and requires only network access and valid (albeit minimal) read-only credentials; successful exploitation grants attackers high-privileged administrative capability over the SD-WAN fabric.

Information Disclosure Cisco Cisco Catalyst Sd Wan Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-20209 MEDIUM This Month

Privilege escalation in Cisco Catalyst SD-WAN Manager allows authenticated users with read-only permissions to elevate privileges to high-privileged user level through exposure of sensitive session information in audit logs. An attacker with initial read-only access can extract high-privilege session credentials from audit logs and impersonate an administrator, bypassing intended access controls. CVSS score 5.4 (medium) reflects the requirement for initial authentication, though the ease of escalation (AC:L) and direct path to administrative capability represent significant risk in multi-tenant or shared SD-WAN deployments.

Information Disclosure Cisco Cisco Catalyst Sd Wan Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-20182 CRITICAL POC KEV THREAT NEWS Emergency

Remote unauthenticated attackers can bypass peering authentication in Cisco Catalyst SD-WAN Controller (vSmart) and SD-WAN Manager (vManage) to obtain administrative privileges and manipulate network configurations across the entire SD-WAN fabric. This critical authentication bypass (CVSS 10.0) allows direct NETCONF access as a high-privileged internal user without any credentials. Cisco released fixes in May 2026 following discovery of this second authentication flaw after a February 2026 disclosure of a related vulnerability. No active exploitation confirmed in CISA KEV at time of analysis, though the maximum CVSS score and authentication bypass nature make this a priority patching target for SD-WAN deployments.

Authentication Bypass Cisco Cisco Catalyst Sd Wan Manager
NVD VulDB GitHub
CVSS 3.1
10.0
EPSS
1.6%
Threat
5.0
CVE-2026-20219 MEDIUM This Month

Insecure direct object reference (IDOR) in Cisco Slido REST API allows authenticated remote attackers to view other users' social profile data and manipulate quiz or poll results. The vulnerability requires valid authentication but no user interaction, affecting confidentiality and integrity of user data and poll integrity. Cisco has released a patched version; no public exploit code or active exploitation has been identified at the time of analysis.

Authentication Bypass Cisco
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-20034 HIGH This Week

Remote code execution in Cisco Unity Connection allows authenticated remote attackers with low-privilege credentials to execute arbitrary code as root via crafted API requests to the web management interface. Successful exploitation enables complete device compromise. CVSS score of 8.8 reflects high impact across confidentiality, integrity, and availability, though exploitation requires valid user credentials (PR:L). No public exploit code or active exploitation confirmed at time of analysis. EPSS data not available in provided intelligence.

RCE Cisco Cisco Unity Connection
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-20035 HIGH This Week

Server-Side Request Forgery (SSRF) in Cisco Unity Connection Web Inbox allows remote unauthenticated attackers to send arbitrary network requests sourced from the vulnerable server. The vulnerability affects the web UI component and requires no authentication, privileges, or user interaction (CVSS AV:N/AC:L/PR:N/UI:N), enabling attackers to abuse the server's network position for internal network reconnaissance, service enumeration, or attacks against backend systems. The changed scope (S:C) indicates impact extends beyond the vulnerable component to other network resources accessible from the Unity Connection server.

SSRF Cisco Cisco Unity Connection
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-20167 HIGH This Week

Cisco IoT Field Network Director enables authenticated remote attackers with low-level privileges to crash remotely managed routers by submitting crafted requests through the web-based management interface. The vulnerability causes improper error handling that allows requesting unauthorized files from managed routers, forcing them to reload and creating a denial-of-service condition (CVSS 7.7, Changed Scope). No public exploit or active exploitation reported at time of analysis.

Authentication Bypass Cisco Cisco Iot Field Network Director Iot Fnd
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2026-20169 MEDIUM This Month

Cisco IoT Field Network Director's web-based management interface allows authenticated remote attackers with low privileges to execute arbitrary commands and access files on managed routers via insufficient input validation in the web interface. The vulnerability enables file creation, deletion, read operations, and execution of limited commands in user EXEC mode on remote routers. CVSS 6.4 (medium severity); no active exploitation or public POC identified at time of analysis.

Command Injection Cisco Cisco Iot Field Network Director Iot Fnd
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2026-20168 MEDIUM This Month

Authenticated remote attackers with low privileges can read arbitrary files via insufficient access controls in the web-based management interface of Cisco IoT Field Network Director. Exploitation requires valid login credentials and submission of crafted input through the management UI; successful attacks result in unauthorized file disclosure but do not enable modification or system disruption. No public exploit code or active exploitation has been identified at time of analysis.

Information Disclosure Cisco Cisco Iot Field Network Director Iot Fnd
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-20172 MEDIUM This Month

Cisco Enterprise Chat and Email (ECE) Lite Agent feature allows authenticated remote attackers with Agent role credentials to upload files containing malicious scripts or HTML, which are then served to other users without adequate content validation. Successful exploitation enables stored cross-site scripting (XSS) attacks in victim browsers. The vulnerability requires valid user credentials and Agent role privileges but no user interaction on the victim side, affecting confidentiality and integrity but not availability.

File Upload Cisco
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-20188 HIGH POC This Week

Denial of service in Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO) allows remote unauthenticated attackers to exhaust connection resources by flooding the system with connection requests, forcing a manual reboot to restore service. CVSS 7.5 (High) with network vector and no authentication required. No public exploit code identified at time of analysis, and EPSS data not available. The vulnerability stems from inadequate rate-limiting on incoming connections (CWE-400), affecting critical network orchestration infrastructure used for automation and service provisioning.

Denial Of Service Cisco
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-20189 MEDIUM This Month

Cisco Prime Infrastructure log file download functionality fails to enforce proper authorization checks, allowing authenticated remote attackers to download arbitrary log files beyond their access level. An attacker with valid web management interface credentials can submit crafted URL requests to the affected download service API to retrieve sensitive logs, resulting in confidential information disclosure. CVSS score of 4.3 reflects low immediate impact but legitimate data exposure risk for organizations using this management platform.

Authentication Bypass Cisco Cisco Prime Infrastructure
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-20185 HIGH This Week

Cisco SG350 and SG350X managed switches can be remotely crashed via crafted SNMP requests, forcing unexpected device reloads. Authenticated attackers with valid SNMP credentials (read-only or read-write community strings for SNMPv1/v2c, or user credentials for SNMPv3) can trigger a heap-based buffer overflow in SNMP response parsing. Cisco confirmed this vulnerability affects all three SNMP versions (v1, v2c, v3) and published advisory cisco-sa-sg350-snmp-dos-GEFZr2Tj. EPSS and KEV status not provided in available data; exploitation requires network access with low complexity but does require valid SNMP authentication.

Heap Overflow Denial Of Service Buffer Overflow Cisco
NVD
CVSS 3.1
7.7
EPSS
0.2%
CVE-2026-20193 MEDIUM This Month

Cisco Identity Services Engine allows authenticated read-only administrators to bypass role-based access control on RADIUS Policy API endpoints and gain unauthorized read access to sensitive policy details through direct API calls. The vulnerability affects ISE software across versions due to improper RBAC enforcement on API endpoints, enabling privilege escalation from read-only to unauthorized data disclosure. CVSS score is 4.3 with low attack complexity, but exploitation requires valid administrative credentials.

Authentication Bypass Cisco Cisco Identity Services Engine Software
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-20195 MEDIUM This Month

Unauthenticated remote attackers can enumerate valid user accounts on Cisco Identity Services Engine through an identity management API endpoint by analyzing differentiated error responses to crafted requests. The vulnerability enables account enumeration with no authentication required, network-accessible attack surface, and low complexity exploitation, resulting in partial information disclosure of valid usernames on affected systems.

Information Disclosure Cisco Cisco Identity Services Engine Software
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-5944 MEDIUM PATCH This Month

Unauthenticated network attackers can access an exposed API passthrough endpoint on TCP port 7373 in Cisco Intersight Device Connector for Nutanix Prism Central, enabling enumeration of cluster metadata and invocation of cluster maintenance workflows that may disrupt active workloads. The vulnerability stems from missing authentication controls on a network-accessible service endpoint and carries a CVSS 6.7 score reflecting high availability impact despite limited confidentiality and integrity exposure. No public exploit code or active exploitation has been confirmed, but the attack requires no special conditions beyond network access to the deployment environment.

Cisco Authentication Bypass
NVD VulDB
CVSS 4.0
6.7
EPSS
0.1%
CVE-2026-20136 MEDIUM This Month

A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating system and elevate privileges to root. This vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability by providing crafted input to a specific CLI command. A successful exploit could allow the attacker to elevate their privileges to root on the underlying operating system.

Cisco Command Injection Cisco Identity Services Engine Software
NVD VulDB
CVSS 3.1
6.0
EPSS
0.1%
CVE-2026-20059 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Cisco XSS
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-20061 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP(S) request to the web-based management interface of an affected device. A successful exploit could allow the attacker to view data on the affected device.

Cisco SQLi
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-20060 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious web page.

Open Redirect Cisco
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-20170 MEDIUM This Month

A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has addressed this vulnerability in the Cisco Webex Contact Center service, and no customer action is needed. This vulnerability existed because HTML and script content was not properly handled. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to follow a malicious link. A successful exploit could have allowed the attacker to steal sensitive information from the browser, including authentication and session information.

Cisco XSS Cisco Webex Contact Center
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-20184 CRITICAL NEWS Act Now

A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. This vulnerability existed because of improper certificate validation. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token. A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services.

Authentication Bypass Cisco
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-20180 CRITICAL NEWS Act Now

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.

Denial Of Service Cisco Path Traversal Cisco Identity Services Engine Software
NVD VulDB
CVSS 3.1
9.9
EPSS
0.2%
CVE-2026-20152 MEDIUM This Month

A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements. This vulnerability is due to improper validation of user-supplied authentication input in HTTP requests. An attacker could exploit this vulnerability by sending HTTP requests that contain specific authentication requests to an affected device. A successful exploit could allow the attacker to bypass policy enforcement on the device. There is no direct impact to the Cisco Secure Web Appliance. However, as a result of exploiting this vulnerability, an attacker could send HTTP requests that should be restricted through the device.

Authentication Bypass Cisco
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-20161 MEDIUM This Month

A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are on the local file system of an affected device. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system. A successful exploit could allow the attacker to bypass file system permissions and overwrite arbitrary files on the affected device.

Authentication Bypass Cisco
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20186 CRITICAL NEWS Act Now

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.

Denial Of Service Cisco Command Injection Cisco Identity Services Engine Software
NVD VulDB
CVSS 3.1
9.9
EPSS
0.2%
CVE-2026-20148 MEDIUM This Month

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system and read arbitrary files. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.

Cisco Path Traversal Cisco Identity Services Engine Software Cisco Ise Passive Identity Connector
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-20147 CRITICAL NEWS Act Now

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.

Denial Of Service Cisco Command Injection Cisco Identity Services Engine Software Cisco Ise Passive Identity Connector
NVD VulDB
CVSS 3.1
9.9
EPSS
0.2%
CVE-2026-20081 MEDIUM This Month

Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials.  These vulnerabilities are due to improper sanitization of user input to the web-based management interface. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request. A successful exploit could allow the attacker to download arbitrary files from an affected system.

Cisco Information Disclosure
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-20078 MEDIUM This Month

Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials.  These vulnerabilities are due to improper sanitization of user input to the web-based management interface. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request. A successful exploit could allow the attacker to download arbitrary files from an affected system.

Cisco Information Disclosure
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-20132 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting (XSS) attack or a reflected XSS attack against a user of the web-based management interface of an affected device. These vulnerabilities are due to insufficient sanitization of user-supplied data that is stored in the web page. An attacker could exploit these vulnerabilities by convincing a user of the interface to click a specific link or view an affected web page. The injected script code may be executed in the context of the web-based management interface or allow the attacker to access sensitive browser-based information.

Cisco XSS Cisco Identity Services Engine Software
NVD VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-20090 MEDIUM This Month

Stored XSS in Cisco IMC web management interface allows authenticated administrators to inject arbitrary script code executed in users' browsers via insufficient input validation. Affects Cisco Enterprise NFV Infrastructure Software, Cisco Unified Computing System (Standalone), and Cisco UCS E-Series Software. Requires administrative privileges and user interaction (clicking a crafted link), resulting in session hijacking, credential theft, or unauthorized access to sensitive browser-based information. No public exploit code identified at time of analysis.

XSS Cisco
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-20089 MEDIUM This Month

Stored cross-site scripting (XSS) in Cisco IMC web management interface allows authenticated administrators to inject persistent malicious scripts that execute in other users' browsers via crafted links. Affects Cisco Enterprise NFV Infrastructure Software, Unified Computing System (standalone), and UCS E-Series. No public exploit code or active exploitation confirmed; patch availability not independently verified from provided data.

Cisco XSS
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-20087 MEDIUM This Month

Stored XSS in Cisco IMC web management interface allows authenticated administrators to inject arbitrary script code via insufficient input validation. Attackers with admin privileges can craft malicious links that execute JavaScript in the browsers of other users accessing the interface, potentially compromising session security, stealing credentials, or accessing sensitive information. No public exploit code or active exploitation has been confirmed; the vulnerability requires administrator privileges and user interaction to trigger.

Cisco XSS
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-20088 MEDIUM This Month

Stored cross-site scripting (XSS) in Cisco IMC web management interface allows authenticated administrators to inject malicious script code that executes in the browsers of other users accessing the interface. An attacker with administrative credentials can exploit insufficient input validation by crafting a malicious link and tricking a user into clicking it, enabling arbitrary script execution or theft of sensitive browser-based information. No public exploit code or active exploitation has been identified at time of analysis.

Cisco XSS
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-20160 CRITICAL NEWS Act Now

Remote code execution in Cisco Smart Software Manager On-Prem allows unauthenticated attackers to execute arbitrary commands with root privileges via an exposed internal service API. The vulnerability stems from unintentional exposure of an internal service that accepts crafted API requests, enabling full system compromise. With a CVSS score of 9.8 and complete attack vector accessibility over the network requiring no authentication or user interaction, this represents a critical security exposure for organizations using SSM On-Prem for Cisco software license management, though no public exploit identified at time of analysis.

Cisco Information Disclosure Cisco Smart Software Manager On Prem
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-20174 MEDIUM This Month

Cisco Nexus Dashboard Insights metadata update feature allows authenticated administrators to write arbitrary files to the system with root privileges through path traversal in insufficiently validated metadata files. An attacker with valid administrative credentials can craft and manually upload a malicious metadata file to achieve arbitrary file write access to the underlying operating system. This vulnerability affects Cisco Nexus Dashboard and Nexus Dashboard Insights deployments, particularly those using manual metadata uploads in air-gap environments. CVSS score of 4.9 reflects the requirement for high-privilege authentication, though the integrity impact is rated as high given the ability to write files as root.

Cisco Path Traversal Cisco Nexus Dashboard Cisco Nexus Dashboard Insights
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-20151 HIGH This Week

Privilege escalation in Cisco Smart Software Manager On-Prem (SSM On-Prem) web interface allows authenticated remote attackers with System User role to gain administrative access by intercepting session credentials from status messages. CVSS 7.3 (High severity) with network attack vector, low complexity, and requires low privileges plus user interaction. No public exploit code or active exploitation confirmed at time of analysis (EPSS data not provided).

Cisco Information Disclosure Cisco Smart Software Manager On Prem
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-20155 HIGH This Week

Improper authorization in Cisco EPNM's REST API allows authenticated low-privilege attackers to access active user session data, including administrative credentials, enabling full device compromise. The vulnerability (CWE-862: Missing Authorization) affects the web management interface with CVSS 8.0 severity. Authentication is required (PR:L) but exploitation complexity is low once authenticated. No public exploit identified at time of analysis, with EPSS data unavailable for this 2026-dated CVE identifier.

Cisco Authentication Bypass Cisco Evolved Programmable Network Manager Epnm
NVD VulDB
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-20096 MEDIUM This Month

Command injection in Cisco IMC web management interface allows authenticated admin-level attackers to execute arbitrary commands as root through improper input validation. Affects Cisco Enterprise NFV Infrastructure Software, Unified Computing System (standalone), and UCS E-Series platforms. No public exploit code or active exploitation confirmed at time of analysis, but the high-privileged context and root-level impact necessitate swift patching.

Cisco Command Injection
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-20097 MEDIUM This Month

Cisco IMC web-based management interface allows authenticated administrators to execute arbitrary code as root through improper input validation in HTTP requests. The vulnerability affects Cisco Unified Computing System (standalone) and requires admin-level credentials and network access; successful exploitation grants attacker root-level code execution on the underlying operating system. No public exploit code or active exploitation has been identified at time of analysis.

Cisco RCE Memory Corruption Buffer Overflow
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-20094 HIGH This Week

Command injection in Cisco Integrated Management Controller (IMC) web interface allows authenticated attackers with read-only privileges to execute arbitrary commands as root. The CVSS:3.1 vector (AV:N/AC:L/PR:L/UI:N) confirms network-accessible exploitation requiring only low-privilege authentication, with no public exploit identified at time of analysis. EPSS data not provided; CVE-2026 prefix suggests future disclosure.

Cisco Command Injection
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-20095 MEDIUM This Month

Command injection in Cisco IMC web-based management interface allows authenticated remote attackers with admin-level privileges to execute arbitrary commands as root. The vulnerability stems from improper input validation in the web interface, enabling attackers to inject crafted commands that execute on the underlying operating system with elevated privileges. While the CVSS score is 6.5 (Medium), Cisco assigned a High Security Impact Rating due to the root-level code execution capability and potential for post-compromise lateral movement or system takeover.

Cisco Command Injection
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-20093 CRITICAL POC NEWS Act Now

Authentication bypass in Cisco Integrated Management Controller (IMC) allows unauthenticated remote attackers to gain administrative access by exploiting improper password change request handling. Affected products include Cisco Enterprise NFV Infrastructure Software, Unified Computing System (Standalone), and UCS E-Series Software. The attacker can alter any user's password, including Admin accounts, and take full control of the management interface. CVSS 9.8 (Critical) with network-accessible attack vector requiring no privileges or user interaction. No public exploit identified at time of analysis, though EPSS data not available for comprehensive risk assessment.

Cisco Authentication Bypass
NVD VulDB GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-20085 MEDIUM This Month

Reflected XSS in Cisco IMC web management interface allows unauthenticated remote attackers to execute arbitrary JavaScript in user browsers via crafted links. Affects Cisco Enterprise NFV Infrastructure Software, Cisco Unified Computing System (standalone), and UCS E-Series Software. Exploitation requires user interaction (clicking a malicious link) but could lead to session hijacking, credential theft, or malware delivery to privileged administrators managing critical infrastructure.

Cisco XSS
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-20041 MEDIUM This Month

Server-side request forgery in Cisco Nexus Dashboard and Nexus Dashboard Insights allows unauthenticated remote attackers to conduct SSRF attacks by tricking authenticated users into clicking malicious links, enabling arbitrary network requests from the affected device and potential execution of arbitrary script code or access to sensitive browser data. CVSS 6.1 with no public exploit or active exploitation confirmed at time of analysis.

Cisco SSRF
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-20042 MEDIUM This Month

Cisco Nexus Dashboard configuration backup feature allows authenticated administrators to extract sensitive authentication credentials from encrypted backup files, enabling subsequent unauthorized access to internal APIs and arbitrary root-level command execution on the underlying operating system. The vulnerability requires possession of both a valid backup file and its encryption password, limiting exploitation to administrators or attackers with backup file access. CVSS 6.5 reflects the high-privilege requirement (PR:H) despite high confidentiality and integrity impact; no public exploit or active exploitation has been identified.

Cisco Information Disclosure Cisco Nexus Dashboard
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-20108 MEDIUM This Month

Cisco Catalyst SD-WAN Manager's web interface contains a reflected cross-site scripting (XSS) vulnerability that requires user interaction and authentication to exploit. An attacker can craft a malicious link to execute arbitrary JavaScript in a victim's browser session, potentially stealing sensitive information or performing unauthorized actions within the management interface. No patch is currently available.

Cisco XSS Cisco Catalyst Sd Wan Manager
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-20112 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability exists in the web-based Cisco IOx application hosting environment management interface within Cisco IOS XE Software, allowing authenticated remote attackers with administrative credentials to inject malicious scripts that execute in the context of other users' browser sessions. Successful exploitation enables arbitrary script execution and access to sensitive browser-based information affecting a wide range of Cisco IOS XE versions from 16.6.1 through 17.18.1a. This vulnerability requires valid administrative credentials and user interaction but poses a significant risk in multi-administrator environments where privilege escalation or lateral movement could occur.

Cisco XSS Apple
NVD VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVSS 7.5
HIGH This Week

Denial of service in Cisco RoomOS software allows remote unauthenticated attackers to exhaust availability of affected collaboration endpoints and room-based video devices through improper handling of exceptional conditions (CWE-703). The issue was internally discovered by Cisco's RoomOS engineering team as part of a hardening release bundling multiple flaws under this identifier, carries a CVSS 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), and has no public exploit identified at time of analysis. Note that the CVSS vector reflects availability-only impact even though a source tag labels it 'Information Disclosure,' a discrepancy defenders should verify against the Cisco advisory.

Cisco Information Disclosure Cisco Roomos Software
NVD
CVSS 7.5
HIGH This Week

Remote denial of service in Cisco RoomOS software allows unauthenticated attackers to exhaust or corrupt a resource over the network, disrupting availability of Cisco collaboration room endpoints. Disclosed as part of a Cisco-internal security hardening review under the CWE-664 resource-lifetime pillar, the flaw carries a 7.5 CVSS score with an availability-only impact (C:N/I:N/A:H). No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Cisco Information Disclosure Cisco Roomos Software
NVD VulDB
CVSS 7.5
HIGH This Week

Denial of service in Cisco RoomOS software allows remote, unauthenticated attackers to disrupt device availability through improperly validated input, resulting in a high availability impact (CVSS 7.5). The flaw was internally discovered during a Cisco engineering security review and shipped in a software hardening release bundling multiple CWE-20 input-validation issues. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Cisco Information Disclosure Cisco Roomos Software
NVD VulDB
CVSS 7.5
HIGH This Week

Sensitive information disclosure affects Cisco RoomOS software running on Cisco collaboration room endpoints, where missing encryption (CWE-311) exposes data to an attacker positioned on the adjacent network. An adjacent, unauthenticated attacker who can intercept or manipulate traffic could access confidential information and potentially tamper with it, though successful exploitation carries high attack complexity. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the issue was internally discovered by Cisco's RoomOS engineering team during a proactive hardening review.

Cisco Information Disclosure Cisco Roomos Software
NVD
CVSS 8.1
HIGH This Week

Memory-corruption vulnerabilities in Cisco RoomOS Software (the operating system on Cisco/Webex collaboration room endpoints) allow remote, unauthenticated attackers to trigger buffer-boundary violations that can compromise device confidentiality, integrity, and availability (CVSS 8.1). The flaws were internally discovered by Cisco's RoomOS engineering team during a proactive security review and are grouped under the CWE-119 buffer-error pillar; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV. High attack complexity (AC:H) reduces the practical ease of exploitation despite the network-facing, no-privilege vector.

Buffer Overflow Cisco Cisco Roomos Software
NVD
CVSS 5.5
MEDIUM This Month

Path traversal in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) allows a remote, authenticated attacker with administrative credentials to read or delete arbitrary files on the underlying operating system via crafted HTTP requests. Successful exploitation could expose sensitive configuration or credential files, or trigger destructive deletion of system files. No public exploit code and no CISA KEV listing have been identified at time of analysis, but the high confidentiality impact and the critical role ISE plays in enterprise network access control make this notable for environments running affected versions.

Path Traversal Cisco Cisco Identity Services Engine Software +1
NVD
CVSS 8.8
HIGH This Week

Privilege escalation via improper access control in Cisco RoomOS software allows an authenticated attacker with low-level privileges to gain full control over affected collaboration endpoints, with high impact to confidentiality, integrity, and availability. The issue was discovered internally by Cisco's RoomOS engineering team during a proactive security review and is one of several access-control weaknesses grouped under CVE-2026-20150 and resolved in a single hardening release. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV.

Authentication Bypass Cisco Cisco Roomos Software
NVD
EPSS 1% CVSS 7.2
HIGH This Week

An OS command injection vulnerability exists in the start_lltd() function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The machine_name configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges.

Command Injection Cisco Rv130 Firmware +2
NVD GitHub VulDB
EPSS 1% CVSS 7.2
HIGH This Week

An OS command injection vulnerability exists in the sub_34984() function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The lan_ipv6_prefixlen configuration parameter is not properly sanitized, which could allow an authenticated remote attacker to execute arbitrary OS commands with root privileges.

Command Injection Cisco Rv130 Firmware +2
NVD GitHub VulDB
EPSS 1% CVSS 7.2
HIGH This Week

Root-level OS command injection in Cisco RV130/RV130W (firmware 1.0.3.55) and RV110W (firmware 1.2.2.5/1.2.2.8) small-business routers lets an authenticated remote attacker run arbitrary commands via the unsanitized model_name parameter in the httpd binary's save_syslog_to_file() function. Because injected commands run as root, successful exploitation yields full device takeover. Publicly available exploit code exists (SSVC exploitation status: poc) but the flaw is not listed in CISA KEV.

Command Injection Cisco Rv130 Firmware +2
NVD GitHub VulDB
EPSS 1% CVSS 7.2
HIGH This Week

Root-level OS command injection in Cisco RV130, RV130W, and RV110W small-business routers lets an authenticated remote administrator inject arbitrary shell commands through the wan_hostname parameter, which is passed unsanitized into the start_bonjour() routine of the 'rc' binary. Because the 'rc' process runs as root, successful exploitation yields full command execution and complete device takeover. Publicly available exploit details exist in an IoT vulnerability write-up; there is no evidence of active exploitation (not in CISA KEV) and no EPSS score was provided.

Command Injection Cisco Rv130 Firmware +2
NVD GitHub VulDB
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Python Cisco Buffer Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Python Buffer Overflow Cisco +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Python Buffer Overflow Cisco +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Python Buffer Overflow Cisco
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Python Buffer Overflow Cisco +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Heap Overflow Python Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Heap Overflow Python Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Python Cisco Information Disclosure +2
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Python Cisco Information Disclosure +2
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Python Buffer Overflow Cisco +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Python Buffer Overflow Cisco +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Python Cisco Information Disclosure +2
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Python Buffer Overflow Cisco +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Python Buffer Overflow Cisco +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Arbitrary file read in Cisco Catalyst Center lets an unauthenticated, remote attacker retrieve files from a restricted container by sending a crafted HTTP request that abuses insufficient input validation (path traversal, CWE-22). Rated CVSS 7.5 (confidentiality-only impact), it exposes sensitive container-side data without any credentials or user interaction. No public exploit identified at time of analysis, and it is not listed in CISA KEV.

Path Traversal Cisco
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Open redirect in the browser-based Cisco Webex App allowed unauthenticated remote attackers to redirect users to attacker-controlled websites by crafting malicious URLs with manipulated parameters. The vulnerability (CWE-601) stems from improper input validation of URL parameters in HTTP requests and scores CVSS 4.3 Medium (AV:N/AC:L/PR:N/UI:R). Cisco has fully remediated this server-side with no customer action required; no public exploit or CISA KEV listing exists at time of analysis.

Cisco Open Redirect Cisco Webex App
NVD VulDB
EPSS 0% CVSS 6.0
MEDIUM This Month

Privilege escalation in the Cisco Umbrella Virtual Appliance vmadmin CLI enables an authenticated local attacker holding vmadmin-level credentials to elevate access to root on the affected device. The flaw, classified as CWE-269 (Improper Privilege Management), arises because the vmadmin CLI does not adequately validate or restrict specific commands that can be leveraged as a privilege escalation path. No public exploit code has been identified and the CVE is not listed in the CISA KEV catalog at time of analysis; the CVSS 6.0 Medium score reflects the high-privilege prerequisite that meaningfully constrains the realistic attacker pool.

Cisco Privilege Escalation Cisco Umbrella Insights Virtual Appliance
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

Authenticated remote OS command injection in Cisco Crosswork Network Controller's web-based management interface allows a threat actor holding valid template user credentials with write permissions to execute arbitrary commands on the underlying operating system. The flaw resides in the configuration template engine, which fails to adequately validate attacker-supplied input before processing it, enabling CWE-74 injection. Impact is bounded to filesystem areas where the template user holds write access, reducing blast radius compared to full OS compromise; however, on a network automation controller, even scoped command execution can expose sensitive network configurations and automation workflows. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Cisco Information Disclosure Cisco Crosswork Network Change Automation
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Information disclosure in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) allows unauthenticated remote attackers to retrieve sensitive data - including hashed credentials - by sending crafted traffic to an affected device. The root cause is missing authorization checks on a protected resource (CWE-285), making this an authentication-bypass-style information leak. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Cisco Authentication Bypass Cisco Identity Services Engine Software +1
NVD VulDB
EPSS 1% CVSS 9.1
CRITICAL Act Now

Authenticated remote command execution in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) allows administrators to run arbitrary OS commands and escalate to root via a crafted HTTP request. The flaw, tracked as CVE-2026-20181 and reported by Cisco with a CVSS 3.1 score of 9.1 (scope-changed), can also crash single-node deployments and deny network access to unauthenticated endpoints. There is no public exploit identified at time of analysis.

Path Traversal Cisco Denial Of Service +2
NVD VulDB
EPSS 2% 4.4 CVSS 6.5
MEDIUM POC KEV THREAT This Month

Arbitrary file write via path traversal in Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) allows an authenticated low-privileged attacker to create or overwrite any file on the underlying operating system by sending crafted HTTP requests to affected API endpoints. The vulnerability stems from insufficient validation of user-supplied input during the file upload process (CWE-22), and a successful exploit can serve as a reliable stepping stone to root-level privilege escalation on the management host. No public exploit has been identified at time of analysis, and the vulnerability is not currently listed in CISA KEV; however, the integrity impact combined with root escalation potential elevates real-world risk above the CVSS 6.5 Medium baseline.

Path Traversal Cisco File Upload +1
NVD VulDB GitHub
EPSS 0% 4.6 CVSS 7.8
HIGH POC KEV THREAT Act Now

Local privilege escalation in Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) allows an authenticated netadmin user to execute arbitrary commands as root by uploading a crafted file through the CLI. Cisco has observed limited real-world exploitation that resulted in unauthorized configuration changes being pushed to downstream edge devices, though the issue is not currently listed in CISA KEV and no public exploit code has been identified at time of analysis.

Command Injection Cisco
NVD VulDB GitHub
EPSS 0% 4.7 CVSS 8.6
HIGH POC KEV THREAT Act Now

Server-side request forgery in Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition allows remote unauthenticated attackers to write files to the underlying operating system via crafted HTTP requests, which Cisco notes can be leveraged to escalate to root. Cisco has assigned this a Critical Security Impact Rating despite the 8.6 CVSS score because of the root-escalation pathway. No public exploit identified at time of analysis, and exploitation requires the non-default WebDialer service to be enabled.

SSRF Cisco Cisco Unified Communications Manager
NVD VulDB GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Remote File Inclusion (RFI) in Cisco Finesse enables unauthenticated remote attackers to load attacker-controlled files into an active user's browser session by exploiting insufficient validation of user-supplied HTTP request parameters. Exploitation requires social engineering an authenticated Finesse user into clicking a crafted URL referencing the affected device - no server-side authentication is needed from the attacker's perspective. A successful attack results in arbitrary JavaScript execution within the Finesse interface context (browser-based XSS-class impact) or unauthorized access to sensitive contact center information; no public exploit identified at time of analysis.

RCE Cisco
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site scripting in Cisco Webex Meetings' web-based UI allowed unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by persuading them to follow a crafted malicious link. Insufficient input validation (CWE-79) in the Webex Meetings web interface is the root cause; the Changed Scope (S:C) in the CVSS vector indicates impact extends beyond the Webex application into the broader browser context, enabling session theft or browser-based data access. Cisco has fully remediated this server-side in the Webex cloud service, and no customer action is required. No public exploit code identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.

XSS Cisco
NVD VulDB
EPSS 0% CVSS 7.2
HIGH This Week

Command injection in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance lets an authenticated administrator upload a crafted certificate to execute arbitrary commands as root on the underlying operating system. The flaw stems from insufficient validation of user-supplied input (CWE-74) and carries a CVSS 7.2 (High) rating; the elevated impact comes from full root-level code execution despite the high-privilege precondition. No public exploit identified at time of analysis, and EPSS is very low at 0.04% (13th percentile), consistent with the CISA SSVC determination of no observed exploitation.

RCE Cisco Cisco Thousandeyes Enterprise Agent
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM This Month

BGP session flapping denial-of-service in Cisco NX-OS on Nexus 3000 and 9000 Series Switches exposes data-center routing infrastructure to disruption from unauthenticated remote attackers. The flaw resides in the enforce-first-as BGP feature, where incorrect parsing of a transitive BGP attribute causes an affected switch to drop its BGP peer session and enter a flap loop upon receiving a crafted BGP UPDATE message. No active exploitation has been confirmed (not in CISA KEV), and no public exploit code has been identified at time of analysis, though the Changed scope in the CVSS vector reflects that the instability can propagate beyond the directly attacked peer, amplifying network-wide impact.

Denial Of Service Cisco
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

Command injection in the BrowserBot component of Cisco ThousandEyes Enterprise Agent (CWE-78) allows authenticated SaaS users with transaction test management privileges to execute arbitrary OS commands inside the BrowserBot container as the unprivileged 'node' user. Exploitation requires valid ThousandEyes SaaS credentials and the ability to manage transaction tests, scoping the realistic threat primarily to insiders and compromised privileged accounts. Cisco has already deployed a remediation server-side; no customer action is required. No public exploit code or CISA KEV listing exists at time of analysis.

Cisco Command Injection
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

Authentication bypass in Cisco Secure Workload allows unauthenticated remote attackers to invoke internal REST API endpoints and act with Site Admin privileges across tenant boundaries. The flaw carries a maximum CVSS 10.0 score with a changed scope and full CIA impact, and no public exploit has been identified at time of analysis. Successful exploitation enables reading sensitive tenant data and modifying configuration globally, making this a critical-priority issue for any organization running affected versions.

Authentication Bypass Cisco Cisco Secure Workload
NVD VulDB
EPSS 0% CVSS 8.6
HIGH This Week

Remote file disclosure in Cisco Catalyst SD-WAN Manager allows unauthenticated attackers to read arbitrary system files via XML External Entity (XXE) injection in the web UI. The vulnerability affects the management interface with network-accessible attack vector, low complexity, and no required privileges (CVSS 8.6). Attackers can extract sensitive configuration files, credentials, and operational data from the SD-WAN management platform. EPSS data not provided; exploitation status unknown but the unauthenticated remote vector and publicly disclosed Cisco advisory elevate real-world risk for internet-exposed instances.

XXE Cisco Cisco Catalyst Sd Wan Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Cisco Catalyst SD-WAN Manager web UI fails to properly redact sensitive information in device configurations and templates, allowing authenticated users with read-only permissions to extract and leverage privileged credentials to escalate their access and modify system configurations. The vulnerability affects all versions of the product and requires only network access and valid (albeit minimal) read-only credentials; successful exploitation grants attackers high-privileged administrative capability over the SD-WAN fabric.

Information Disclosure Cisco Cisco Catalyst Sd Wan Manager
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Privilege escalation in Cisco Catalyst SD-WAN Manager allows authenticated users with read-only permissions to elevate privileges to high-privileged user level through exposure of sensitive session information in audit logs. An attacker with initial read-only access can extract high-privilege session credentials from audit logs and impersonate an administrator, bypassing intended access controls. CVSS score 5.4 (medium) reflects the requirement for initial authentication, though the ease of escalation (AC:L) and direct path to administrative capability represent significant risk in multi-tenant or shared SD-WAN deployments.

Information Disclosure Cisco Cisco Catalyst Sd Wan Manager
NVD VulDB
EPSS 2% 5.0 CVSS 10.0
CRITICAL POC KEV THREAT Emergency

Remote unauthenticated attackers can bypass peering authentication in Cisco Catalyst SD-WAN Controller (vSmart) and SD-WAN Manager (vManage) to obtain administrative privileges and manipulate network configurations across the entire SD-WAN fabric. This critical authentication bypass (CVSS 10.0) allows direct NETCONF access as a high-privileged internal user without any credentials. Cisco released fixes in May 2026 following discovery of this second authentication flaw after a February 2026 disclosure of a related vulnerability. No active exploitation confirmed in CISA KEV at time of analysis, though the maximum CVSS score and authentication bypass nature make this a priority patching target for SD-WAN deployments.

Authentication Bypass Cisco Cisco Catalyst Sd Wan Manager
NVD VulDB GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

Insecure direct object reference (IDOR) in Cisco Slido REST API allows authenticated remote attackers to view other users' social profile data and manipulate quiz or poll results. The vulnerability requires valid authentication but no user interaction, affecting confidentiality and integrity of user data and poll integrity. Cisco has released a patched version; no public exploit code or active exploitation has been identified at the time of analysis.

Authentication Bypass Cisco
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in Cisco Unity Connection allows authenticated remote attackers with low-privilege credentials to execute arbitrary code as root via crafted API requests to the web management interface. Successful exploitation enables complete device compromise. CVSS score of 8.8 reflects high impact across confidentiality, integrity, and availability, though exploitation requires valid user credentials (PR:L). No public exploit code or active exploitation confirmed at time of analysis. EPSS data not available in provided intelligence.

RCE Cisco Cisco Unity Connection
NVD VulDB
EPSS 0% CVSS 7.2
HIGH This Week

Server-Side Request Forgery (SSRF) in Cisco Unity Connection Web Inbox allows remote unauthenticated attackers to send arbitrary network requests sourced from the vulnerable server. The vulnerability affects the web UI component and requires no authentication, privileges, or user interaction (CVSS AV:N/AC:L/PR:N/UI:N), enabling attackers to abuse the server's network position for internal network reconnaissance, service enumeration, or attacks against backend systems. The changed scope (S:C) indicates impact extends beyond the vulnerable component to other network resources accessible from the Unity Connection server.

SSRF Cisco Cisco Unity Connection
NVD
EPSS 0% CVSS 7.7
HIGH This Week

Cisco IoT Field Network Director enables authenticated remote attackers with low-level privileges to crash remotely managed routers by submitting crafted requests through the web-based management interface. The vulnerability causes improper error handling that allows requesting unauthorized files from managed routers, forcing them to reload and creating a denial-of-service condition (CVSS 7.7, Changed Scope). No public exploit or active exploitation reported at time of analysis.

Authentication Bypass Cisco Cisco Iot Field Network Director Iot Fnd
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Cisco IoT Field Network Director's web-based management interface allows authenticated remote attackers with low privileges to execute arbitrary commands and access files on managed routers via insufficient input validation in the web interface. The vulnerability enables file creation, deletion, read operations, and execution of limited commands in user EXEC mode on remote routers. CVSS 6.4 (medium severity); no active exploitation or public POC identified at time of analysis.

Command Injection Cisco Cisco Iot Field Network Director Iot Fnd
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Authenticated remote attackers with low privileges can read arbitrary files via insufficient access controls in the web-based management interface of Cisco IoT Field Network Director. Exploitation requires valid login credentials and submission of crafted input through the management UI; successful attacks result in unauthorized file disclosure but do not enable modification or system disruption. No public exploit code or active exploitation has been identified at time of analysis.

Information Disclosure Cisco Cisco Iot Field Network Director Iot Fnd
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cisco Enterprise Chat and Email (ECE) Lite Agent feature allows authenticated remote attackers with Agent role credentials to upload files containing malicious scripts or HTML, which are then served to other users without adequate content validation. Successful exploitation enables stored cross-site scripting (XSS) attacks in victim browsers. The vulnerability requires valid user credentials and Agent role privileges but no user interaction on the victim side, affecting confidentiality and integrity but not availability.

File Upload Cisco
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

Denial of service in Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO) allows remote unauthenticated attackers to exhaust connection resources by flooding the system with connection requests, forcing a manual reboot to restore service. CVSS 7.5 (High) with network vector and no authentication required. No public exploit code identified at time of analysis, and EPSS data not available. The vulnerability stems from inadequate rate-limiting on incoming connections (CWE-400), affecting critical network orchestration infrastructure used for automation and service provisioning.

Denial Of Service Cisco
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Cisco Prime Infrastructure log file download functionality fails to enforce proper authorization checks, allowing authenticated remote attackers to download arbitrary log files beyond their access level. An attacker with valid web management interface credentials can submit crafted URL requests to the affected download service API to retrieve sensitive logs, resulting in confidential information disclosure. CVSS score of 4.3 reflects low immediate impact but legitimate data exposure risk for organizations using this management platform.

Authentication Bypass Cisco Cisco Prime Infrastructure
NVD VulDB
EPSS 0% CVSS 7.7
HIGH This Week

Cisco SG350 and SG350X managed switches can be remotely crashed via crafted SNMP requests, forcing unexpected device reloads. Authenticated attackers with valid SNMP credentials (read-only or read-write community strings for SNMPv1/v2c, or user credentials for SNMPv3) can trigger a heap-based buffer overflow in SNMP response parsing. Cisco confirmed this vulnerability affects all three SNMP versions (v1, v2c, v3) and published advisory cisco-sa-sg350-snmp-dos-GEFZr2Tj. EPSS and KEV status not provided in available data; exploitation requires network access with low complexity but does require valid SNMP authentication.

Heap Overflow Denial Of Service Buffer Overflow +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cisco Identity Services Engine allows authenticated read-only administrators to bypass role-based access control on RADIUS Policy API endpoints and gain unauthorized read access to sensitive policy details through direct API calls. The vulnerability affects ISE software across versions due to improper RBAC enforcement on API endpoints, enabling privilege escalation from read-only to unauthorized data disclosure. CVSS score is 4.3 with low attack complexity, but exploitation requires valid administrative credentials.

Authentication Bypass Cisco Cisco Identity Services Engine Software
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Unauthenticated remote attackers can enumerate valid user accounts on Cisco Identity Services Engine through an identity management API endpoint by analyzing differentiated error responses to crafted requests. The vulnerability enables account enumeration with no authentication required, network-accessible attack surface, and low complexity exploitation, resulting in partial information disclosure of valid usernames on affected systems.

Information Disclosure Cisco Cisco Identity Services Engine Software
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Unauthenticated network attackers can access an exposed API passthrough endpoint on TCP port 7373 in Cisco Intersight Device Connector for Nutanix Prism Central, enabling enumeration of cluster metadata and invocation of cluster maintenance workflows that may disrupt active workloads. The vulnerability stems from missing authentication controls on a network-accessible service endpoint and carries a CVSS 6.7 score reflecting high availability impact despite limited confidentiality and integrity exposure. No public exploit code or active exploitation has been confirmed, but the attack requires no special conditions beyond network access to the deployment environment.

Cisco Authentication Bypass
NVD VulDB
EPSS 0% CVSS 6.0
MEDIUM This Month

A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating system and elevate privileges to root. This vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability by providing crafted input to a specific CLI command. A successful exploit could allow the attacker to elevate their privileges to root on the underlying operating system.

Cisco Command Injection Cisco Identity Services Engine Software
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Cisco XSS
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP(S) request to the web-based management interface of an affected device. A successful exploit could allow the attacker to view data on the affected device.

Cisco SQLi
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious web page.

Open Redirect Cisco
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has addressed this vulnerability in the Cisco Webex Contact Center service, and no customer action is needed. This vulnerability existed because HTML and script content was not properly handled. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by persuading a user to follow a malicious link. A successful exploit could have allowed the attacker to steal sensitive information from the browser, including authentication and session information.

Cisco XSS Cisco Webex Contact Center
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. This vulnerability existed because of improper certificate validation. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token. A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services.

Authentication Bypass Cisco
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL Act Now

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.

Denial Of Service Cisco Path Traversal +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements. This vulnerability is due to improper validation of user-supplied authentication input in HTTP requests. An attacker could exploit this vulnerability by sending HTTP requests that contain specific authentication requests to an affected device. A successful exploit could allow the attacker to bypass policy enforcement on the device. There is no direct impact to the Cisco Secure Web Appliance. However, as a result of exploiting this vulnerability, an attacker could send HTTP requests that should be restricted through the device.

Authentication Bypass Cisco
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are on the local file system of an affected device. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system. A successful exploit could allow the attacker to bypass file system permissions and overwrite arbitrary files on the affected device.

Authentication Bypass Cisco
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL Act Now

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.

Denial Of Service Cisco Command Injection +1
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM This Month

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system and read arbitrary files. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.

Cisco Path Traversal Cisco Identity Services Engine Software +1
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL Act Now

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.

Denial Of Service Cisco Command Injection +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials.  These vulnerabilities are due to improper sanitization of user input to the web-based management interface. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request. A successful exploit could allow the attacker to download arbitrary files from an affected system.

Cisco Information Disclosure
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials.  These vulnerabilities are due to improper sanitization of user input to the web-based management interface. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request. A successful exploit could allow the attacker to download arbitrary files from an affected system.

Cisco Information Disclosure
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting (XSS) attack or a reflected XSS attack against a user of the web-based management interface of an affected device. These vulnerabilities are due to insufficient sanitization of user-supplied data that is stored in the web page. An attacker could exploit these vulnerabilities by convincing a user of the interface to click a specific link or view an affected web page. The injected script code may be executed in the context of the web-based management interface or allow the attacker to access sensitive browser-based information.

Cisco XSS Cisco Identity Services Engine Software
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM This Month

Stored XSS in Cisco IMC web management interface allows authenticated administrators to inject arbitrary script code executed in users' browsers via insufficient input validation. Affects Cisco Enterprise NFV Infrastructure Software, Cisco Unified Computing System (Standalone), and Cisco UCS E-Series Software. Requires administrative privileges and user interaction (clicking a crafted link), resulting in session hijacking, credential theft, or unauthorized access to sensitive browser-based information. No public exploit code identified at time of analysis.

XSS Cisco
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Stored cross-site scripting (XSS) in Cisco IMC web management interface allows authenticated administrators to inject persistent malicious scripts that execute in other users' browsers via crafted links. Affects Cisco Enterprise NFV Infrastructure Software, Unified Computing System (standalone), and UCS E-Series. No public exploit code or active exploitation confirmed; patch availability not independently verified from provided data.

Cisco XSS
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Stored XSS in Cisco IMC web management interface allows authenticated administrators to inject arbitrary script code via insufficient input validation. Attackers with admin privileges can craft malicious links that execute JavaScript in the browsers of other users accessing the interface, potentially compromising session security, stealing credentials, or accessing sensitive information. No public exploit code or active exploitation has been confirmed; the vulnerability requires administrator privileges and user interaction to trigger.

Cisco XSS
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Stored cross-site scripting (XSS) in Cisco IMC web management interface allows authenticated administrators to inject malicious script code that executes in the browsers of other users accessing the interface. An attacker with administrative credentials can exploit insufficient input validation by crafting a malicious link and tricking a user into clicking it, enabling arbitrary script execution or theft of sensitive browser-based information. No public exploit code or active exploitation has been identified at time of analysis.

Cisco XSS
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote code execution in Cisco Smart Software Manager On-Prem allows unauthenticated attackers to execute arbitrary commands with root privileges via an exposed internal service API. The vulnerability stems from unintentional exposure of an internal service that accepts crafted API requests, enabling full system compromise. With a CVSS score of 9.8 and complete attack vector accessibility over the network requiring no authentication or user interaction, this represents a critical security exposure for organizations using SSM On-Prem for Cisco software license management, though no public exploit identified at time of analysis.

Cisco Information Disclosure Cisco Smart Software Manager On Prem
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM This Month

Cisco Nexus Dashboard Insights metadata update feature allows authenticated administrators to write arbitrary files to the system with root privileges through path traversal in insufficiently validated metadata files. An attacker with valid administrative credentials can craft and manually upload a malicious metadata file to achieve arbitrary file write access to the underlying operating system. This vulnerability affects Cisco Nexus Dashboard and Nexus Dashboard Insights deployments, particularly those using manual metadata uploads in air-gap environments. CVSS score of 4.9 reflects the requirement for high-privilege authentication, though the integrity impact is rated as high given the ability to write files as root.

Cisco Path Traversal Cisco Nexus Dashboard +1
NVD VulDB
EPSS 0% CVSS 7.3
HIGH This Week

Privilege escalation in Cisco Smart Software Manager On-Prem (SSM On-Prem) web interface allows authenticated remote attackers with System User role to gain administrative access by intercepting session credentials from status messages. CVSS 7.3 (High severity) with network attack vector, low complexity, and requires low privileges plus user interaction. No public exploit code or active exploitation confirmed at time of analysis (EPSS data not provided).

Cisco Information Disclosure Cisco Smart Software Manager On Prem
NVD
EPSS 0% CVSS 8.0
HIGH This Week

Improper authorization in Cisco EPNM's REST API allows authenticated low-privilege attackers to access active user session data, including administrative credentials, enabling full device compromise. The vulnerability (CWE-862: Missing Authorization) affects the web management interface with CVSS 8.0 severity. Authentication is required (PR:L) but exploitation complexity is low once authenticated. No public exploit identified at time of analysis, with EPSS data unavailable for this 2026-dated CVE identifier.

Cisco Authentication Bypass Cisco Evolved Programmable Network Manager Epnm
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Command injection in Cisco IMC web management interface allows authenticated admin-level attackers to execute arbitrary commands as root through improper input validation. Affects Cisco Enterprise NFV Infrastructure Software, Unified Computing System (standalone), and UCS E-Series platforms. No public exploit code or active exploitation confirmed at time of analysis, but the high-privileged context and root-level impact necessitate swift patching.

Cisco Command Injection
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Cisco IMC web-based management interface allows authenticated administrators to execute arbitrary code as root through improper input validation in HTTP requests. The vulnerability affects Cisco Unified Computing System (standalone) and requires admin-level credentials and network access; successful exploitation grants attacker root-level code execution on the underlying operating system. No public exploit code or active exploitation has been identified at time of analysis.

Cisco RCE Memory Corruption +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Command injection in Cisco Integrated Management Controller (IMC) web interface allows authenticated attackers with read-only privileges to execute arbitrary commands as root. The CVSS:3.1 vector (AV:N/AC:L/PR:L/UI:N) confirms network-accessible exploitation requiring only low-privilege authentication, with no public exploit identified at time of analysis. EPSS data not provided; CVE-2026 prefix suggests future disclosure.

Cisco Command Injection
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Command injection in Cisco IMC web-based management interface allows authenticated remote attackers with admin-level privileges to execute arbitrary commands as root. The vulnerability stems from improper input validation in the web interface, enabling attackers to inject crafted commands that execute on the underlying operating system with elevated privileges. While the CVSS score is 6.5 (Medium), Cisco assigned a High Security Impact Rating due to the root-level code execution capability and potential for post-compromise lateral movement or system takeover.

Cisco Command Injection
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Authentication bypass in Cisco Integrated Management Controller (IMC) allows unauthenticated remote attackers to gain administrative access by exploiting improper password change request handling. Affected products include Cisco Enterprise NFV Infrastructure Software, Unified Computing System (Standalone), and UCS E-Series Software. The attacker can alter any user's password, including Admin accounts, and take full control of the management interface. CVSS 9.8 (Critical) with network-accessible attack vector requiring no privileges or user interaction. No public exploit identified at time of analysis, though EPSS data not available for comprehensive risk assessment.

Cisco Authentication Bypass
NVD VulDB GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Reflected XSS in Cisco IMC web management interface allows unauthenticated remote attackers to execute arbitrary JavaScript in user browsers via crafted links. Affects Cisco Enterprise NFV Infrastructure Software, Cisco Unified Computing System (standalone), and UCS E-Series Software. Exploitation requires user interaction (clicking a malicious link) but could lead to session hijacking, credential theft, or malware delivery to privileged administrators managing critical infrastructure.

Cisco XSS
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Server-side request forgery in Cisco Nexus Dashboard and Nexus Dashboard Insights allows unauthenticated remote attackers to conduct SSRF attacks by tricking authenticated users into clicking malicious links, enabling arbitrary network requests from the affected device and potential execution of arbitrary script code or access to sensitive browser data. CVSS 6.1 with no public exploit or active exploitation confirmed at time of analysis.

Cisco SSRF
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Cisco Nexus Dashboard configuration backup feature allows authenticated administrators to extract sensitive authentication credentials from encrypted backup files, enabling subsequent unauthorized access to internal APIs and arbitrary root-level command execution on the underlying operating system. The vulnerability requires possession of both a valid backup file and its encryption password, limiting exploitation to administrators or attackers with backup file access. CVSS 6.5 reflects the high-privilege requirement (PR:H) despite high confidentiality and integrity impact; no public exploit or active exploitation has been identified.

Cisco Information Disclosure Cisco Nexus Dashboard
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Cisco Catalyst SD-WAN Manager's web interface contains a reflected cross-site scripting (XSS) vulnerability that requires user interaction and authentication to exploit. An attacker can craft a malicious link to execute arbitrary JavaScript in a victim's browser session, potentially stealing sensitive information or performing unauthorized actions within the management interface. No patch is currently available.

Cisco XSS Cisco Catalyst Sd Wan Manager
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability exists in the web-based Cisco IOx application hosting environment management interface within Cisco IOS XE Software, allowing authenticated remote attackers with administrative credentials to inject malicious scripts that execute in the context of other users' browser sessions. Successful exploitation enables arbitrary script execution and access to sensitive browser-based information affecting a wide range of Cisco IOS XE versions from 16.6.1 through 17.18.1a. This vulnerability requires valid administrative credentials and user interaction but poses a significant risk in multi-administrator environments where privilege escalation or lateral movement could occur.

Cisco XSS Apple
NVD VulDB
Page 1 of 62 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy