Command Injection Vulnerability in Cisco UCS Manager Software
CVE-2026-20036
What is CVE-2026-20036?
A command injection vulnerability exists in the CLI and web-based management interface of Cisco UCS Manager Software. This flaw arises from insufficient input validation of user-supplied command arguments. By authenticating as a legitimate user, an attacker can submit specially crafted inputs that exploit this vulnerability. Compromising this flaw could enable the attacker to execute arbitrary commands on the affected device’s operating system with root-level access, posing a significant risk to device integrity and security.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Cisco Unified Computing System (Managed) 4.0(4h)
Cisco Unified Computing System (Managed) 4.1(1a)
Cisco Unified Computing System (Managed) 4.0(1c)
References
CVSS V3.1
Timeline
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved