CVE-2026-20093

Published: Apr 01, 2026 Last Modified: Apr 01, 2026

ExploitDB:

Other exploit source:

Google Dorks:

CRITICAL 9,8

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin.

This vulnerability is due to incorrect handling of password change requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to bypass authentication, alter the passwords of any user on the system, including an Admin user, and gain access to the system as that user.

Improper Input Validation

Stable

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Availability Confidentiality Integrity

Potential Impacts:

Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Read Memory Read Files Or Directories Modify Memory Execute Unauthorized Code Or Commands

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: High

View CWE Details

https://sec.cloudapps.cisco.com/security/center/content/Cis…

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/c…

CVE-2026-20093

Description

Improper Input Validation

Common Consequences

Applicable Platforms

Iscriviti alla newsletter