Authentication Bypass in Cisco Integrated Management Controller
CVE-2026-20093

9.8 CRITICAL

What is CVE-2026-20093?

CVE-2026-20093 is a serious vulnerability in the Cisco Integrated Management Controller (IMC), the out-of-band component used to manage Cisco server hardware. IMC provides administrative controls, health monitoring, and configuration management for Cisco servers. The vulnerability allows unauthenticated remote attackers to bypass the authentication associated with the password change functionality. By sending specially crafted HTTP requests to an affected device, an attacker can change user passwords, including those of administrators, and thereby gain administrative access. Such unauthorized access can severely compromise the integrity and security of the systems managed by Cisco IMC, potentially allowing attackers to execute malicious actions or gain a foothold within a corporate network.

Potential impact of CVE-2026-20093

  1. Unauthorized Administrative Access: Attackers could gain full administrative control over the Cisco IMC, allowing them to manipulate configurations, access sensitive data, and make harmful changes to the affected systems.

  2. User Account Compromise: The ability to change the password of any user, particularly administrative accounts, could lead to further exploitation, as attackers may establish persistence within the network by creating new access pathways.

  3. Increased Risk of Data Breaches: Given the critical nature of the system management tasks handled by Cisco IMC, successful exploitation may result in significant data exposure or loss, potentially impacting business operations and regulatory compliance.

Affected Version(s)

Cisco Enterprise NFV Infrastructure Software 4.1.1

Cisco Enterprise NFV Infrastructure Software 3.9.1

Cisco Enterprise NFV Infrastructure Software 3.5.2

News Articles

Week In Review: Axios Npm Supply Chain Compromise, Critical FortiClient EMS Bugs Exploited - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

5 days ago

Week in review: Axios npm supply chain compromise, critical FortiClient EMS bugs exploited - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Financial groups lay out a plan to fight AI identity

5 days ago

References

CVSS v3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • First article discovered by Plato Data Intelligence

  • Exploit known to exist

  • Vulnerability published

  • Vulnerability reserved