LeakyCreds
NewInstant webhook alerts now available — notified within seconds of any credential detection.Learn more →
Home / Vulnerability Intelligence / CVE-2026-20093

CVE-2026-20093 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: April 1, 2026

Cisco Integrated Management Controller - Authentication Bypass

Published: April 1, 2026Updated: April 1, 2026Remote Exploitable

Overview

Cisco Integrated Management Controller contains an authentication bypass caused by incorrect handling of password change requests, letting unauthenticated remote attackers bypass authentication and gain admin access, exploit requires crafted HTTP request.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 0.0%(Probability of exploitation in next 30 days)

Impact

Unauthenticated attackers can bypass authentication, change any user's password, and gain admin access to the system.

Mitigation

Update to the latest available version with the fix.

References

Social Media Activity(2 posts)

AA
AA
@AAKL
Apr 1, 2026

And (drum roll) .... here it is. Grab a coffee, Cisco's having a bad hair day. New. Critical: CVE-2026-20160: Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-cli-execution-cHUcWuNr Also new: Critical: CVE-2026-20093: Cisco Integrated Management Controller Authentication Bypass Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-bypass-AgG2BxTn Three high-severity entries: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-improp-auth-mUwFWUU3 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-xRAnOuO8 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-3hKN3bVt Four medium-severity entries toward the end of today's list: https://sec.cloudapps.cisco.com/security/center/publicationListing.x @TalosSecurity #infosec #Cisco #vulnerability @cR0w

View original post
AA
AA
@AAKL
Apr 1, 2026

And (drum roll) .... here it is. Grab a coffee, Cisco's having a bad hair day. New. Critical: CVE-2026-20160: Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-cli-execution-cHUcWuNr Also new: Critical: CVE-2026-20093: Cisco Integrated Management Controller Authentication Bypass Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-bypass-AgG2BxTn Three high-severity entries: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-improp-auth-mUwFWUU3 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-xRAnOuO8 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-3hKN3bVt Four medium-severity entries toward the end of today's list: https://sec.cloudapps.cisco.com/security/center/publicationListing.x @TalosSecurity #infosec #Cisco #vulnerability @cR0w

View original post

Related Resources

Details

CVE ID
CVE-2026-20093
Severity
Critical
CVSS Score
9.8
Type
broken_authentication
Status
new
EPSS
0.0%
Social Posts
2

CWE

  • CWE-20

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.0%Probability of exploitation in the next 30 days