CVE-2026-20160 - Vulnerability Analysis
Critical | CVSS: 9.8 | Last Updated: April 1, 2026
Cisco Smart Software Manager On-Prem - Command Injection
Overview
Cisco Smart Software Manager On-Prem contains a command injection vulnerability caused by unintentional exposure of an internal service API. It lets unauthenticated remote attackers execute arbitrary OS commands with root privileges. Exploitation requires access to the exposed API.
Severity & Score
Impact
Unauthenticated remote attackers can execute arbitrary commands with root privileges, leading to full system compromise.
Mitigation
Update to the latest version, in which the internal service is properly secured or patched.
Social Media Activity (2 posts)
And (drum roll) .... here it is. Grab a coffee, Cisco's having a bad hair day.

New. Critical: CVE-2026-20160: Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-cli-execution-cHUcWuNr

Also new: Critical: CVE-2026-20093: Cisco Integrated Management Controller Authentication Bypass Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-bypass-AgG2BxTn

Three high-severity entries:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnm-improp-auth-mUwFWUU3
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-xRAnOuO8
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-3hKN3bVt

Four medium-severity entries toward the end of today's list:
https://sec.cloudapps.cisco.com/security/center/publicationListing.x

@TalosSecurity #infosec #Cisco #vulnerability @cR0w
Related Resources
Details
- CVE ID: CVE-2026-20160
- Severity: Critical
- CVSS Score: 9.8
- Type: command_injection
- Status: new
- EPSS: 0.0%
- Social Posts: 2
CWE
- CWE-668
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H