CVE-2026-20160
CriticalCVSS 9.8Exploitation Probability (EPSS)
Elevated risk56th percentile — higher than 56% of all known CVEs
Summary
A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) allows an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. The issue is due to unintentional exposure of an internal service.
Risk Assessment
An attacker can gain full root-level control over the operating system, leading to complete compromise of the host and potential access to sensitive network data.
Recommendation
Apply the Cisco-provided update for SSM On-Prem immediately and restrict API access to trusted networks only.
Original NVD description (English source)
A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host. This vulnerability is due to the unintentional exposure of an internal service. An attacker could exploit this vulnerability by sending a crafted request to the API of the exposed service. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.

