| Metric | Value |
|---|---|
| CVEs | 120 |
| Critical | 10 |
| High | 27 |
| KEV | 2 |
| PoC | 5 |
| Unpatched C/H | 37 |
| Patch Rate | 0.8% |
| Avg EPSS | 0.1% |
Severity Breakdown

| Severity | Count |
|---|---|
| CRITICAL | 10 |
| HIGH | 27 |
| MEDIUM | 83 |
| LOW | 0 |
Monthly CVE Trend (chart; no data present in the text)
Affected Products (30)

| Product | CVEs |
|---|---|
| IOS XE | 31 |
| Identity Services Engine | 16 |
| IOS XR | 13 |
| Unified Contact Center Express | 11 |
| Catalyst SD-WAN Manager | 9 |
| Evolved Programmable Network Manager | 8 |
| Prime Infrastructure | 8 |
| Secure Firewall Management Center | 7 |
| Webex Meetings | 6 |
| Nexus Dashboard | 5 |
| Firepower Threat Defense | 5 |
| Catalyst Center | 5 |
| Adaptive Security Appliance Software | 5 |
| Java | 5 |
| JWT Attack | 5 |
| Crosswork Network Controller | 4 |
| AsyncOS | 4 |
| Application Policy Infrastructure Controller | 4 |
| Open Redirect | 4 |
| Unified Communications Manager | 4 |
| Desk Phone 9851 Firmware | 3 |
| Desk Phone 9871 Firmware | 3 |
| Cisco Catalyst SD-WAN Manager | 3 |
| Common Services Platform Collector | 3 |
| SSH | 3 |
| Desk Phone 9841 Firmware | 3 |
| Unified Intelligence Center | 3 |
| TLS | 3 |
| Desk Phone 9861 Firmware | 3 |
| Video Phone 8875 Firmware | 3 |
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-20131 | Cisco Secure Firewall Management Center (FMC) contains a critical unauthenticated Java deserialization vulnerability (CVSS 10.0) in its web interface that enables remote code execution as root. KEV-listed with a public PoC, this vulnerability allows complete compromise of the central management platform that controls all Cisco firewalls in the organization, enabling attackers to modify security policies, disable protections, and access all network traffic. | CRITICAL | 10.0 | 0.6% | 141 | KEV, PoC, No patch |
| CVE-2026-20182 | Remote unauthenticated attackers can bypass peering authentication in Cisco Catalyst SD-WAN Controller (vSmart) and SD-WAN Manager (vManage) to obtain administrative privileges and manipulate network configurations across the entire SD-WAN fabric. This critical authentication bypass (CVSS 10.0) allows direct NETCONF access as a high-privileged internal user without any credentials. Cisco released fixes in May 2026, following discovery of this second authentication flaw after a February 2026 disclosure of a related vulnerability. No active exploitation was confirmed in CISA KEV at the time of analysis, though the maximum CVSS score and the authentication-bypass nature make this a priority patching target for SD-WAN deployments. | CRITICAL | 10.0 | 1.6% | 127 | KEV, PoC, No patch |
| CVE-2026-20079 | Unauthenticated authentication bypass in the Cisco FMC web interface. CVSS 10.0. | CRITICAL | 10.0 | 0.2% | 90 | PoC, No patch |
| CVE-2026-20223 | Authentication bypass in Cisco Secure Workload allows unauthenticated remote attackers to invoke internal REST API endpoints and act with Site Admin privileges across tenant boundaries. The flaw carries a maximum CVSS 10.0 score with a changed scope and full CIA impact; no public exploit had been identified at the time of analysis. Successful exploitation enables reading sensitive tenant data and modifying configuration globally, making this a critical-priority issue for any organization running affected versions. | CRITICAL | 10.0 | 0.0% | 50 | No patch |
| CVE-2026-20147 | A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating | CRITICAL | 9.9 | 0.2% | 50 | No patch |
| CVE-2026-20186 | A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying | CRITICAL | 9.9 | 0.2% | 50 | No patch |
| CVE-2026-20180 | A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying | CRITICAL | 9.9 | 0.2% | 50 | No patch |
| CVE-2026-20160 | Remote code execution in Cisco Smart Software Manager On-Prem allows unauthenticated attackers to execute arbitrary commands with root privileges via an exposed internal service API. The vulnerability stems from unintentional exposure of an internal service that accepts crafted API requests, enabling full system compromise. With a CVSS score of 9.8 and a network attack vector requiring no authentication or user interaction, this represents a critical security exposure for organizations using SSM On-Prem for Cisco software license management, though no public exploit had been identified at the time of analysis. | CRITICAL | 9.8 | 0.2% | 49 | No patch |
| CVE-2026-20184 | A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote atta | CRITICAL | 9.8 | 0.1% | 49 | No patch |
| CVE-2026-20093 | Authentication bypass in Cisco Integrated Management Controller (IMC) allows unauthenticated remote attackers to gain administrative access by exploiting improper handling of password change requests. Affected products include Cisco Enterprise NFV Infrastructure Software, Unified Computing System (Standalone), and UCS E-Series Software. The attacker can alter any user's password, including Admin accounts, and take full control of the management interface. CVSS 9.8 (Critical) with a network-accessible attack vector requiring no privileges or user interaction. No public exploit was identified at the time of analysis, and EPSS data was not available for a comprehensive risk assessment. | CRITICAL | 9.8 | 0.0% | 49 | PoC, No patch |
| CVE-2026-20094 | Command injection in the Cisco Integrated Management Controller (IMC) web interface allows authenticated attackers with read-only privileges to execute arbitrary commands as root. The CVSS:3.1 vector (AV:N/AC:L/PR:L/UI:N) confirms network-accessible exploitation requiring only low-privilege authentication; no public exploit had been identified at the time of analysis. EPSS data was not provided; the CVE-2026 prefix suggests a future disclosure. | HIGH | 8.8 | 0.3% | 44 | No patch |
| CVE-2026-20040 | Insufficient CLI argument validation in Cisco IOS XR Software enables authenticated local attackers to achieve root-level code execution through crafted commands. An attacker with low-privileged account access can exploit this vulnerability to bypass privilege restrictions and execute arbitrary commands on the affected device's underlying operating system. No patch is currently available for this high-severity vulnerability. | HIGH | 8.8 | 0.0% | 44 | No patch |
| CVE-2026-20046 | Cisco IOS XR Software contains a task-group mapping flaw in a specific CLI command that allows authenticated local attackers to bypass privilege checks and gain full administrative access to affected devices. An attacker with low-privileged credentials can exploit this misconfiguration to execute unauthorized administrative actions without proper authorization validation. No patch is currently available. | HIGH | 8.8 | 0.0% | 44 | No patch |
| CVE-2026-20034 | Remote code execution in Cisco Unity Connection allows authenticated remote attackers with low-privilege credentials to execute arbitrary code as root via crafted API requests to the web management interface. Successful exploitation enables complete device compromise. The CVSS score of 8.8 reflects high impact across confidentiality, integrity, and availability, though exploitation requires valid user credentials (PR:L). No public exploit code or active exploitation was confirmed at the time of analysis. EPSS data was not available in the provided intelligence. | HIGH | 8.8 | 0.4% | 44 | No patch |
| CVE-2026-20039 | Unauthenticated remote attackers can trigger a denial of service against Cisco Secure Firewall ASA and FTD devices by sending crafted HTTP requests to the VPN web server, exploiting ineffective memory management to force device reloads. The vulnerability requires no authentication or user interaction and affects all network-exposed instances. No patch is currently available. | HIGH | 8.6 | 0.2% | 43 | No patch |