Zero Day Monitor (ZDM)
9.8
CVE-2026-20160
cis · cisco smart software manager on-prem

Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability

Description

A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host. This vulnerability is due to the unintentional exposure of an internal service. An attacker could exploit this vulnerability by sending a crafted request to the API of the exposed service. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.

Affected Products

Vendor | Product | Versions
cis | cisco smart software manager on-prem | 9-202502, 9-202504, 9-202507, 9-202510

References

  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-cli-execution-cHUcWuNr

Related News (6 articles)

Tier D · SecurityWeek · 59m ago
Cisco Patches Critical and High-Severity Vulnerabilities
→ No new info (linked only)

Tier D · BleepingComputer · 2h ago
Critical Cisco IMC auth bypass gives attackers Admin access
→ No new info (linked only)

Tier D · Heise Security · 7h ago
Cisco plugs partly critical holes in several products
→ No new info (linked only)

Tier B · CERT-FR · 13h ago
Multiple vulnerabilities in Cisco products (2 April 2026)
→ No new info (linked only)

Tier C · VulDB · 20h ago
CVE-2026-20160 | Cisco Smart Software Manager On-Prem 9-202502/9-202504/9-202507/9-202510 API exposure of resource (cisco-sa-ssm-cli-execution-cHUcWuNr)
→ No new info (linked only)

Tier A · Cisco Security · 21h ago
Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability
→ No new info (linked only)

CVSS 3.1: 9.8 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA KEV: ❌ No
Actively exploited: ❌ No
CWE: CWE-668
Published: Apr 1, 2026
Last enriched: 16h ago (v2)
Trending Score: 71
Source articles: 6
Independent: 6
Info Completeness: 8/14
Missing: epss, kev, exploit, patch, iocs, mitre_attack

Related CVEs (5)

CRITICAL · CVE-2026-20131 · EXP · KEV
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root
Trending: 99

CRITICAL · CVE-2026-20093
Cisco Integrated Management Controller Authentication Bypass Vulnerability
Trending: 67

HIGH · CVE-2026-20094
Cisco Integrated Management Controller Command Injection Vulnerability
Trending: 54

MEDIUM · CVE-2026-20095
Cisco Integrated Management Controller Command Injection Vulnerability
Trending: 50

MEDIUM · CVE-2026-20097
Cisco Integrated Management Controller Remote Code Execution Vulnerability
Trending: 50

Verification

State: verified
Confidence: 100%

Vulnerability Timeline

CVE Published: Apr 1, 2026
Discovered by ZDM: Apr 1, 2026
Updated: vendor, product, affectedVersions: Apr 1, 2026

Version History

v2
Last enriched 16h ago
v2 · Tier C · 16h ago

Updated vendor and product information, added affected versions, and changed severity to HIGH.

vendor, product, affectedVersions
via VulDB
v1 · 18h ago

Initial creation