
CVE-2026-20160

CVSS 9.8 (CRITICAL) · EPSS 0.2% · Published 2026-04-01

Critical unauthenticated remote code execution vulnerability (CVSS 9.8) in Cisco Smart Software Manager On-Prem (SSM On-Prem). The root cause is the unintentional exposure of an internal service (CWE-668: Exposure of Resource to Wrong Sphere): an unauthenticated remote attacker who can reach the exposed service can send a crafted request to its API and execute arbitrary commands on the underlying operating system with root-level privileges. The attack is network-based and low complexity, and requires neither privileges nor user interaction. Cisco PSIRT disclosed the vulnerability on April 1, 2026, together with CVE-2026-20093, in a batch of critical Cisco security advisories. No workarounds are available; patching is the only remediation. The EPSS value of 0.2% at publication is an estimate of the probability of exploitation in the wild over the following 30 days; it does not lower the severity of a pre-authentication root RCE on a licensing management system and should not by itself defer patching.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-668: Exposure of Resource to Wrong Sphere


Threadlinqs Intelligence