Privilege Escalation Vulnerability in Cisco Smart Software Manager On-Prem
CVE-2026-20151

7.3 HIGH

Key Information:

Vendor

Cisco

CVE Published:
1 April 2026

Badges

👾 Exploit Exists

What is CVE-2026-20151?

A vulnerability in the web interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) allows an authenticated, remote attacker to elevate their privileges. The flaw stems from improper transmission of sensitive user data: an attacker can send crafted messages to an affected Cisco SSM On-Prem host and retrieve session credentials from the status messages. With those credentials the attacker can gain higher privileges on the system, compromising sensitive user accounts that are currently logged in via the web interface. Users logged in through SSH are not affected by this issue.

Affected Version(s)

Cisco Smart Software Manager On-Prem 7-202001

Cisco Smart Software Manager On-Prem 8-202004

Cisco Smart Software Manager On-Prem 8-202006

CVSS V3.1

Score: 7.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
