CVE-2026-20093 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: April 3, 2026
Cisco Integrated Management Controller - Authentication Bypass
Overview
Cisco Integrated Management Controller contains an authentication bypass caused by incorrect handling of password change requests, letting unauthenticated remote attackers bypass authentication and gain admin access, exploit requires crafted HTTP request.
Severity & Score
Impact
Unauthenticated attackers can bypass authentication, change any user's password, and gain admin access to the system.
Mitigation
Update to the latest available version with the fix.
Social Media Activity(1 post)
Critical Cisco IMC Authentication Bypass Allows Remote Administrative Takeover Cisco patched a critical authentication bypass (CVE-2026-20093) in its Integrated Management Controller that allows unauthenticated attackers to gain Admin access by changing passwords via crafted HTTP requests. **If your organization is running Cisco FMC on-premise, SSM On-Prem, or UCS servers with exposed IMC interfaces, consider this urgent and critical. Your immediate first step must be to ensure the web and management interfaces for all these devices are strictly isolated and accessible only from highly trusted internal networks. Even if you have them isolated, threat actors will weaponize these flaws and look for a way in.** #cybersecurity #infosec #advisory #vulnerability https://beyondmachines.net/event_details/critical-cisco-imc-authentication-bypass-allows-remote-administrative-takeover-6-o-v-j-i/gD2P6Ple2L
View original postRelated Resources
Details
- CVE ID
- CVE-2026-20093
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- broken_authentication
- Status
- unconfirmed
- EPSS
- 2.6%
- Social Posts
- 1
CWE
- CWE-20
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H