112
CVEs
6
Critical
30
High
3
KEV
4
PoC
36
Unpatched C/H
0.0%
Patch Rate
0.1%
Avg EPSS
Severity Breakdown
CRITICAL
6
HIGH
30
MEDIUM
76
LOW
0
Monthly CVE Trend
Affected Products (30)
Ios Xe
31
Command Injection
22
Identity Services Engine
18
Ios Xr
13
Unified Contact Center Express
11
Catalyst Sd Wan Manager
11
Tls
8
Evolved Programmable Network Manager
8
Prime Infrastructure
8
Secure Firewall Management Center
7
Webex Meetings
6
Java
5
Adaptive Security Appliance Software
5
Catalyst Center
5
Nexus Dashboard
5
Jwt Attack
5
Firepower Threat Defense
5
Ssh
4
Deserialization
4
Asyncos
4
Application Policy Infrastructure Controller
4
Unified Communications Manager
4
Crosswork Network Controller
4
Common Services Platform Collector
3
Desk Phone 9851 Firmware
3
Open Redirect
3
Unified Intelligence Center
3
Identity Services Engine Passive Identity Connector
3
Desk Phone 9841 Firmware
3
Desk Phone 9871 Firmware
3
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-20131 | Cisco Secure Firewall Management Center (FMC) contains a critical unauthenticated Java deserialization vulnerability (CVE-2026-20131, CVSS 10.0) in its web interface that enables remote code execution as root. KEV-listed with public PoC, this vulnerability allows complete compromise of the central management platform that controls all Cisco firewalls in the organization, enabling attackers to modify security policies, disable protections, and access all network traffic. | CRITICAL | 10.0 | 0.6% | 141 |
KEV
PoC
No patch
|
| CVE-2026-20127 | Cisco Catalyst SD-WAN Controller and Manager contain a critical authentication bypass (CVE-2026-20127, CVSS 10.0) in the peering authentication mechanism that allows unauthenticated remote attackers to obtain full administrative privileges. The vulnerability exists because peering authentication does not properly validate credentials, enabling any attacker with network access to take over the SD-WAN management plane and control the entire WAN fabric. | CRITICAL | 10.0 | 2.6% | 113 |
KEV
PoC
No patch
|
| CVE-2026-20045 | Cisco Unified Communications Manager and related products contain a code injection vulnerability (CVE-2026-20045) that allows unauthenticated remote attackers to execute arbitrary code. This KEV-listed vulnerability affects the core enterprise voice/video infrastructure including Unified CM, IM&P, Unity Connection, and Webex Calling Dedicated Instance, making it a high-priority threat for organizations dependent on Cisco collaboration tools. | HIGH | 8.2 | 1.0% | 92 |
KEV
No patch
|
| CVE-2026-20079 | Unauthenticated auth bypass in Cisco FMC web interface. CVSS 10.0. | CRITICAL | 10.0 | 0.2% | 90 |
PoC
No patch
|
| CVE-2026-20160 | Remote code execution in Cisco Smart Software Manager On-Prem allows unauthenticated attackers to execute arbitrary commands with root privileges via an exposed internal service API. The vulnerability stems from unintentional exposure of an internal service that accepts crafted API requests, enabling full system compromise. With a CVSS score of 9.8 and complete attack vector accessibility over the network requiring no authentication or user interaction, this represents a critical security exposure for organizations using SSM On-Prem for Cisco software license management, though no public exploit identified at time of analysis. | CRITICAL | 9.8 | 0.2% | 49 |
No patch
|
| CVE-2026-20129 | Authentication bypass in Cisco Catalyst SD-WAN Manager API allows unauthenticated remote access to the management platform. Separate vulnerability from the peering auth bypass (CVE-2026-20127). | CRITICAL | 9.8 | 0.1% | 49 |
No patch
|
| CVE-2026-20093 | Authentication bypass in Cisco Integrated Management Controller (IMC) allows unauthenticated remote attackers to gain administrative access by exploiting improper password change request handling. Affected products include Cisco Enterprise NFV Infrastructure Software, Unified Computing System (Standalone), and UCS E-Series Software. The attacker can alter any user's password, including Admin accounts, and take full control of the management interface. CVSS 9.8 (Critical) with network-accessible attack vector requiring no privileges or user interaction. No public exploit identified at time of analysis, though EPSS data not available for comprehensive risk assessment. | CRITICAL | 9.8 | 0.0% | 49 |
PoC
No patch
|
| CVE-2026-20098 | Unauthenticated file upload in Cisco Meeting Management's Certificate Management interface allows authenticated attackers to write arbitrary files and execute commands with root privileges on affected systems. An attacker with valid credentials can exploit improper input validation in the web management interface to overwrite system files processed with elevated privileges, leading to complete system compromise. No patch is currently available for this vulnerability. | HIGH | 8.8 | 0.6% | 45 |
No patch
|
| CVE-2026-20094 | Command injection in Cisco Integrated Management Controller (IMC) web interface allows authenticated attackers with read-only privileges to execute arbitrary commands as root. The CVSS:3.1 vector (AV:N/AC:L/PR:L/UI:N) confirms network-accessible exploitation requiring only low-privilege authentication, with no public exploit identified at time of analysis. EPSS data not provided; CVE-2026 prefix suggests future disclosure. | HIGH | 8.8 | 0.3% | 44 |
No patch
|
| CVE-2026-20126 | Catalyst Sd-Wan Manager contains a vulnerability that allows attackers to an authenticated, local attacker with low privileges to gain root privileges on (CVSS 8.8). | HIGH | 8.8 | 0.0% | 44 |
No patch
|
| CVE-2026-20040 | Insufficient CLI argument validation in Cisco IOS XR Software enables authenticated local attackers to achieve root-level code execution through crafted commands. An attacker with low-privileged account access can exploit this vulnerability to bypass privilege restrictions and execute arbitrary commands on the affected device's underlying operating system. No patch is currently available for this high-severity vulnerability. | HIGH | 8.8 | 0.0% | 44 |
No patch
|
| CVE-2026-20046 | Cisco IOS XR Software contains a task group mapping flaw in a specific CLI command that allows authenticated local attackers to bypass privilege checks and gain full administrative access to affected devices. An attacker with low-privileged credentials can exploit this misconfiguration to execute unauthorized administrative actions without proper authorization validation. No patch is currently available. | HIGH | 8.8 | 0.0% | 44 |
No patch
|
| CVE-2026-20039 | Unauthenticated remote attackers can trigger a denial of service against Cisco Secure Firewall ASA and FTD devices by sending crafted HTTP requests to the VPN web server, exploiting ineffective memory management to force device reloads. The vulnerability requires no authentication or user interaction and affects all network-exposed instances. No patch is currently available. | HIGH | 8.6 | 0.2% | 43 |
No patch
|
| CVE-2026-20082 | Cisco Secure Firewall ASA devices fail to properly manage embryonic connection limits during TCP SYN flood attacks, allowing unauthenticated remote attackers to block all incoming TCP connections including management access and VPN services. An attacker can exploit this denial-of-service vulnerability by sending crafted traffic streams to management or data interfaces, effectively isolating the device from legitimate network access. No patch is currently available for this HIGH severity vulnerability. | HIGH | 8.6 | 0.1% | 43 |
No patch
|
| CVE-2026-20101 | Cisco Secure Firewall ASA and Secure FTD devices can be remotely rebooted by unauthenticated attackers through malformed SAML 2.0 authentication messages, causing service unavailability due to insufficient input validation. The vulnerability has a high attack surface as it requires no authentication or user interaction and affects the device's core authentication mechanism. No patch is currently available. | HIGH | 8.6 | 0.1% | 43 |
No patch
|