| Metric | Value |
|---|---|
| CVEs | 29 |
| Critical | 2 |
| High | 8 |
| KEV | 0 |
| PoC | 1 |
| Unpatched C/H | 10 |
| Patch Rate | 0.0% |
| Avg EPSS | 0.1% |

Severity Breakdown

| Severity | Count |
|---|---|
| CRITICAL | 2 |
| HIGH | 8 |
| MEDIUM | 19 |
| LOW | 0 |
Monthly CVE Trend
Affected Products (30)

| Product / Tag | CVEs |
|---|---|
| Ios Xe | 31 |
| Command Injection | 22 |
| Identity Services Engine | 18 |
| Ios Xr | 13 |
| Unified Contact Center Express | 11 |
| Catalyst Sd Wan Manager | 11 |
| Tls | 8 |
| Evolved Programmable Network Manager | 8 |
| Prime Infrastructure | 8 |
| Secure Firewall Management Center | 7 |
| Webex Meetings | 6 |
| Java | 5 |
| Adaptive Security Appliance Software | 5 |
| Catalyst Center | 5 |
| Nexus Dashboard | 5 |
| Jwt Attack | 5 |
| Firepower Threat Defense | 5 |
| Ssh | 4 |
| Deserialization | 4 |
| Asyncos | 4 |
| Application Policy Infrastructure Controller | 4 |
| Unified Communications Manager | 4 |
| Crosswork Network Controller | 4 |
| Common Services Platform Collector | 3 |
| Desk Phone 9851 Firmware | 3 |
| Open Redirect | 3 |
| Unified Intelligence Center | 3 |
| Identity Services Engine Passive Identity Connector | 3 |
| Desk Phone 9841 Firmware | 3 |
| Desk Phone 9871 Firmware | 3 |
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-20160 | Remote code execution in Cisco Smart Software Manager On-Prem allows unauthenticated attackers to execute arbitrary commands with root privileges via an exposed internal service API. The vulnerability stems from unintentional exposure of an internal service that accepts crafted API requests, enabling full system compromise. With a CVSS score of 9.8 and a network attack vector requiring no authentication or user interaction, this represents a critical security exposure for organizations using SSM On-Prem for Cisco software license management, though no public exploit was identified at the time of analysis. | CRITICAL | 9.8 | 0.2% | 49 | No patch |
| CVE-2026-20093 | Authentication bypass in Cisco Integrated Management Controller (IMC) allows unauthenticated remote attackers to gain administrative access by exploiting improper password change request handling. Affected products include Cisco Enterprise NFV Infrastructure Software, Unified Computing System (Standalone), and UCS E-Series Software. The attacker can alter any user's password, including Admin accounts, and take full control of the management interface. CVSS 9.8 (Critical) with a network-accessible attack vector requiring no privileges or user interaction. No public exploit was identified at the time of analysis, and EPSS data was not available for a comprehensive risk assessment. | CRITICAL | 9.8 | 0.0% | 49 | PoC, No patch |
| CVE-2026-20094 | Command injection in the Cisco Integrated Management Controller (IMC) web interface allows authenticated attackers with read-only privileges to execute arbitrary commands as root. The CVSS:3.1 vector (AV:N/AC:L/PR:L/UI:N) confirms network-accessible exploitation requiring only low-privilege authentication, with no public exploit identified at the time of analysis. EPSS data was not provided; the CVE-2026 prefix suggests a future disclosure. | HIGH | 8.8 | 0.3% | 44 | No patch |
| CVE-2026-20084 | Improper BOOTP packet handling in Cisco IOS XE Software on Catalyst 9000 Series Switches allows unauthenticated remote attackers to trigger VLAN leakage and cause device unavailability through resource exhaustion. An attacker can send crafted BOOTP requests to forward packets across VLANs, leading to high CPU utilization that renders the switch unreachable and unable to process traffic. No patch is currently available for this denial-of-service vulnerability. | HIGH | 8.6 | 0.1% | 43 | No patch |
| CVE-2026-20086 | A denial of service vulnerability in Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family caused by improper handling of malformed CAPWAP (Control and Provisioning of Wireless Access Points) packets. The vulnerability affects multiple versions of Cisco IOS XE Software in the 17.14.x through 17.18.x release trains. An unauthenticated remote attacker can exploit this to cause the wireless controller to reload unexpectedly, resulting in complete network disruption, with a high-severity CVSS score of 8.6. | HIGH | 8.6 | 0.1% | 43 | No patch |
| CVE-2026-20012 | A denial of service vulnerability in the Internet Key Exchange (CVSS 8.6). High severity vulnerability requiring prompt remediation. | HIGH | 8.6 | 0.1% | 43 | No patch |
| CVE-2026-20155 | Improper authorization in Cisco EPNM's REST API allows authenticated low-privilege attackers to access active user session data, including administrative credentials, enabling full device compromise. The vulnerability (CWE-862: Missing Authorization) affects the web management interface with CVSS 8.0 severity. Authentication is required (PR:L), but exploitation complexity is low once authenticated. No public exploit was identified at the time of analysis, and EPSS data is unavailable for this 2026-dated CVE identifier. | HIGH | 8.0 | 0.1% | 40 | No patch |
| CVE-2026-20125 | HTTP Server input validation failures in Cisco IOS and IOS XE Release 3E enable authenticated remote attackers to trigger device reloads via malformed requests, causing denial of service. An attacker with valid credentials can exploit improper input handling to exhaust watchdog timers and force unexpected system restarts. No patch is currently available for this vulnerability affecting Cisco and Apple products. | HIGH | 7.7 | 0.1% | 39 | No patch |
| CVE-2026-20004 | Memory exhaustion in Cisco IOS XE and Apple devices via improper TLS resource handling allows adjacent attackers to trigger denial of service by repeatedly initiating failed authentication or manipulating TLS connections. An unauthenticated attacker can exploit this by resetting TLS sessions or abusing EAP authentication mechanisms to deplete device memory without requiring network access from the internet. Successful exploitation renders affected devices unresponsive, with no patch currently available. | HIGH | 7.4 | 0.0% | 37 | No patch |
| CVE-2026-20151 | Privilege escalation in the Cisco Smart Software Manager On-Prem (SSM On-Prem) web interface allows authenticated remote attackers with the System User role to gain administrative access by intercepting session credentials from status messages. CVSS 7.3 (High severity) with a network attack vector and low complexity; it requires low privileges plus user interaction. No public exploit code or active exploitation was confirmed at the time of analysis (EPSS data not provided). | HIGH | 7.3 | 0.0% | 37 | No patch |
| CVE-2026-20095 | Command injection in the Cisco IMC web-based management interface allows authenticated remote attackers with admin-level privileges to execute arbitrary commands as root. The vulnerability stems from improper input validation in the web interface, enabling attackers to inject crafted commands that execute on the underlying operating system with elevated privileges. While the CVSS score is 6.5 (Medium), Cisco assigned a High Security Impact Rating due to the root-level code execution capability and potential for post-compromise lateral movement or system takeover. | MEDIUM | 6.5 | 0.1% | 33 | No patch |
| CVE-2026-20096 | Command injection in the Cisco IMC web management interface allows authenticated admin-level attackers to execute arbitrary commands as root through improper input validation. Affects Cisco Enterprise NFV Infrastructure Software, Unified Computing System (standalone), and UCS E-Series platforms. No public exploit code or active exploitation was confirmed at the time of analysis, but the high-privileged context and root-level impact necessitate swift patching. | MEDIUM | 6.5 | 0.1% | 33 | No patch |
| CVE-2026-20097 | The Cisco IMC web-based management interface allows authenticated administrators to execute arbitrary code as root through improper input validation in HTTP requests. The vulnerability affects Cisco Unified Computing System (standalone) and requires admin-level credentials and network access; successful exploitation grants the attacker root-level code execution on the underlying operating system. No public exploit code or active exploitation has been identified at the time of analysis. | MEDIUM | 6.5 | 0.1% | 33 | No patch |
| CVE-2026-20083 | Improper validation of malformed SCP requests in Cisco IOS XE Software allows authenticated local attackers to trigger unexpected device reloads and cause service disruption. An attacker with low privileges can exploit this vulnerability by sending a crafted SSH command to the SCP server component. No patch is currently available for this denial of service vulnerability. | MEDIUM | 6.5 | 0.0% | 33 | No patch |
| CVE-2026-20042 | The Cisco Nexus Dashboard configuration backup feature allows authenticated administrators to extract sensitive authentication credentials from encrypted backup files, enabling subsequent unauthorized access to internal APIs and arbitrary root-level command execution on the underlying operating system. The vulnerability requires possession of both a valid backup file and its encryption password, limiting exploitation to administrators or attackers with backup file access. CVSS 6.5 reflects the high-privilege requirement (PR:H) despite high confidentiality and integrity impact; no public exploit or active exploitation has been identified. | MEDIUM | 6.5 | 0.0% | 33 | No patch |